seandroid / external/sepolicy

Commits

Author Commit Message Date Builds
Stephen Smalley
Merge branch 'master' into seandroid
Branches
seandroid
Jeffrey Vander Stoep
am b01a18b9: Merge "grant installd rx perms on toybox" * commit 'b01a18b99e775f81e01a0f873e37301b82f8519e': grant installd rx perms on toybox
Jeffrey Vander Stoep
Merge "grant installd rx perms on toybox"
Jeff Vander Stoep
grant installd rx perms on toybox Installd uses cp when relocating apps to sdcard. avc: denied { execute } for name="toybox" dev="mmcblk0p10" ino=315 scontext=u:r:installd:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file Bug: 24617685 Change-Id: Id1a3039bbfc187c074aa50d426278964c40e4bde
William Roberts
am 7fc865a4: service_contexts: don't delete intermediate on failure * commit '7fc865a4caec1a2ced41918449e34596f50f8c43': service_contexts: don't delete intermediate on failure
William Roberts
am dcffd2b4: property_contexts: don't delete intermediate on failure * commit 'dcffd2b482a625a99233d82019d7b96919c41600': property_contexts: don't delete intermediate on failure
Colin Cross
am 9eb6c874: Revert "property_contexts: don't delete intermediate on failure" * commit '9eb6c87439da2b00699f644a8b8c335bf8cd9680': Revert "property_contexts: don't delete intermediate on failure"
Colin Cross
am efcaecab: Revert "service_contexts: don't delete intermediate on failure" * commit 'efcaecab4eb075fdc69942e6915999458fb5f88b': Revert "service_contexts: don't delete intermediate on failure"
Jeffrey Vander Stoep
am 23c42c38: Merge "service_contexts: don't delete intermediate on failure" * commit '23c42c389b07f6ebda69ca8e834c27b27460879a': service_contexts: don't delete intermediate on failure
Jeffrey Vander Stoep
am e6e94762: Merge "property_contexts: don't delete intermediate on failure" * commit 'e6e947622514bdf0b80bf093c0df1a7d9ae12c37': property_contexts: don't delete intermediate on failure
William Roberts
service_contexts: don't delete intermediate on failure When service_contexts fails to build, the file is deleted leaving only the error message for debugging. Build service_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ib9dcbf21d0a28700d500cf0ea4e412b009758d5d Signed-off-by: William Roberts <william.c.roberts@intel.com>
William Roberts
property_contexts: don't delete intermediate on failure When property_contexts fails to build, the file is deleted leaving only the error message for debugging. Build property_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ia86eb0480c9493ceab36fed779b2fe6ab85d2b3d Signed-off-by: William Roberts <william.c.roberts@intel.com>
Colin Cross
Revert "property_contexts: don't delete intermediate on failure" This reverts commit 7f81b337bc600251b37de2dfa70c47781a2f2d3c. Change-Id: I79834d0ef3adbf2eed53b07d17160876e2a999c6
Colin Cross
Revert "service_contexts: don't delete intermediate on failure" This reverts commit f6ee7a521942036ef7f5c0f6bc74520509934141. Change-Id: I4f1396e6e4aeecd1109f9c24494c6e82645c0663
Jeffrey Vander Stoep
Merge "service_contexts: don't delete intermediate on failure"
Jeffrey Vander Stoep
Merge "property_contexts: don't delete intermediate on failure"
Nick Kralevich
am 331c2e96: Merge "Add audit_read permission to capability2" * commit '331c2e9602be6039640f3a5c0138406dbf849528': Add audit_read permission to capability2
Nick Kralevich
Merge "Add audit_read permission to capability2"
Woojung Min
Add audit_read permission to capability2 In kernel 3.18 following error message is seen since audit_read is added to capability2 at classmap.h So add audit_read permission to capability2. SELinux: Permission audit_read in class capability2 not defined in policy. SELinux: the above unknown classes and permissions will be denied The kernel change from AOSP is: https://android.googlesource.com/kernel/common/+/3a101b8de0d39403b2c7e5c23fd0…
William Roberts
service_contexts: don't delete intermediate on failure When service_contexts fails to build, the file is deleted leaving only the error message for debugging. Build service_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ib9c9247d36e6a6406b4df84d10e982921c07d492 Signed-off-by: William Roberts <william.c.roberts@intel.com>
William Roberts
property_contexts: don't delete intermediate on failure When property_contexts fails to build, the file is deleted leaving only the error message for debugging. Build property_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: I431d6f4494fa119c1873eab0e77f0eed3fb5754e Signed-off-by: William Roberts <william.c.roberts@intel.com>
dcashman
am 226caf49: Merge "Remove mediaserver sysfs write permissions." * commit '226caf49e0f913a723ec6c707f9abf5516c6f906': Remove mediaserver sysfs write permissions.
dcashman
Merge "Remove mediaserver sysfs write permissions."
William Roberts
am 3746a0ae: file_contexts: don't delete intermediate on failure * commit '3746a0ae63a56a6b18fabd3e89bfe4760a1691e3': file_contexts: don't delete intermediate on failure
William Roberts
file_contexts: don't delete intermediate on failure Currently, if an error is detected in a file_contexts file, the intermediate file_context.tmp file is removed, thus making debugging of build issues problematic. Instead, employ checkfc tool during the compilation recipe so the m4 concatenated intermediate is preserved on failure. Change-Id: Ic827385d3bc3434b6c2a9bba5313cd42b5f15599 Signed-off-by: William Roberts <william.c.roberts@intel.com>
dcashman
Remove mediaserver sysfs write permissions. Mediaserver no longer appears, and maybe never did, need write permission to sysfs files. commit: 1de9c492d1343f7c92b4a7d6aa8da82c97bbf7d8 added auditing to make sure this is the case, and such access has not been observed. Remove the permissions and the associated auditallow rule to further confine the mediaserver sandbox. Bug: 22827371 Change-Id: I44ca1521b9791db027300aa84e54c074845aa735
Jeff Vander Stoep
am 483fd267: Enforce no persistent logging on user builds * commit '483fd267359a457ca4ac4c4a2cbce38af6c15981': Enforce no persistent logging on user builds
Jeff Vander Stoep
Enforce no persistent logging on user builds For userdebug and eng builds enforce that: - only logd and shell domains may access logd files - logd is only allowed to write to /data/misc/logd Change-Id: Ie909cf701fc57109257aa13bbf05236d1777669a
Ivan Krasin
am 9aa41303: asan: update condition to work with multiple SANITIZE_TARGET values. * commit '9aa413036bde2c80c25b381bd685ab05f8390127': asan: update condition to work with multiple SANITIZE_TARGET values.
Ivan Krasin
asan: update condition to work with multiple SANITIZE_TARGET values. The goal is to enable SANITIZE_TARGET='address coverage', which will be used by LLVMFuzzer. Bug: 22850550 Change-Id: I953649186a7fae9b2495159237521f264d1de3b6