6 years agoMerge cherrypicks of [3134552, 3130583, 3131953, 3131954, 3131955, 3131956, 3131957... android-8.1.0_r1 android-8.1.0_r10 android-8.1.0_r11 android-8.1.0_r12 android-8.1.0_r15 android-8.1.0_r16 android-8.1.0_r19 android-8.1.0_r23 android-8.1.0_r3 android-8.1.0_r4 android-8.1.0_r5 android-8.1.0_r6 android-cts-8.1_r1
Merge cherrypicks of [3134552, 3130583, 3131953, 3131954, 3131955, 3131956, 3131957, 3131958, 3131959, 3132062, 3132336, 3131074, 3133939, 3131024, 3131025, 3131026, 3130584, 3130879, 3130880] into oc-mr1-release
Change-Id: If68afda5ce15c6fd6b6868f115e2975c2aeb1320
Change-Id: If68afda5ce15c6fd6b6868f115e2975c2aeb1320
Allow Instant/V2 apps to load code from /data/data
This restriction causes issues with dynamite.
Since untrusted_v2_app was about enforcing this constraint put installed
v2 applications back into the normal untrusted_app domain.
Bug: 64806320
Test: Manual test with app using dynamite module
Change-Id: I3abf3ade64aaf689039a515de642759dd39ae6f7
(cherry picked from commit fe836817942f21eaf6a33f137ea56eb1329d29fe)
This restriction causes issues with dynamite.
Since untrusted_v2_app was about enforcing this constraint put installed
v2 applications back into the normal untrusted_app domain.
Bug: 64806320
Test: Manual test with app using dynamite module
Change-Id: I3abf3ade64aaf689039a515de642759dd39ae6f7
(cherry picked from commit fe836817942f21eaf6a33f137ea56eb1329d29fe)
Snap for 4399693 from 67b2da4431f4b2e399e62c1d0b02a47d61853e73 to oc-mr1-release
Change-Id: Ia227a61932d447a2085a870cdc16b992720c344c
Change-Id: Ia227a61932d447a2085a870cdc16b992720c344c
package sepolicy-analyze as part of VTS
Bug: 67848572
Test: mma
Change-Id: I75520b6aa19e44854129697b3c3e375427356e6a
Bug: 67848572
Test: mma
Change-Id: I75520b6aa19e44854129697b3c3e375427356e6a
Snap for 4378450 from 0ca697337c52093c8f53d59abe07e9653b4c6c46 to oc-mr1-release
Change-Id: I602800c6102c645df3cd89dd22ce41e4da5c2b7f
Change-Id: I602800c6102c645df3cd89dd22ce41e4da5c2b7f
Merge "Retain hal_drm_server attribute for neverallow tests" into oc-mr1-dev
Snap for 4373604 from 03596f28a484e8954c168ce5053e34d4a17dd396 to oc-mr1-release
Change-Id: Icc47bf0f6e61abb313f33fc1a6812a0fb754e0f6
Change-Id: Icc47bf0f6e61abb313f33fc1a6812a0fb754e0f6
Retain hal_drm_server attribute for neverallow tests
Addresses:
Warning! Type or attribute hal_drm_server used in neverallow
undefined in policy being checked.
Bug: 67296580
Test: Build
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
Change-Id: I07f9825536637a21a91c77e87366861503f6ebac
Addresses:
Warning! Type or attribute hal_drm_server used in neverallow
undefined in policy being checked.
Bug: 67296580
Test: Build
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
Change-Id: I07f9825536637a21a91c77e87366861503f6ebac
Include 26.0 compat file on system image.
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25
release-request-ca7a0f27-e01e-4493-95dc-73b265f88cc9-for-git_oc-mr1-release-4365318 snap-temp-L33600000106883904
Change-Id: I65d1024e3ad9b306f422c185dd3a6d1e17cf613e
Change-Id: I65d1024e3ad9b306f422c185dd3a6d1e17cf613e
Merge "Add userbuild() macro for user-build-only policy" into oc-mr1-dev
Merge "system_server: read symlinks in /cache" into oc-mr1-dev
system_server: read symlinks in /cache
type=1400 audit(0.0:6): avc: denied { read } for comm="Thread-5"
name="cache" dev="dm-0" ino=13 scontext=u:r:system_server:s0
tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0
Bug: 64067152
Bug: 65843095
Test: build
Change-Id: Ie90c0343a834aa87b7ded41f503e05d9b63b3244
(cherry picked from commit a4cada74399f51a9e0fcf888cd1a9acfa285c679)
type=1400 audit(0.0:6): avc: denied { read } for comm="Thread-5"
name="cache" dev="dm-0" ino=13 scontext=u:r:system_server:s0
tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0
Bug: 64067152
Bug: 65843095
Test: build
Change-Id: Ie90c0343a834aa87b7ded41f503e05d9b63b3244
(cherry picked from commit a4cada74399f51a9e0fcf888cd1a9acfa285c679)
release-request-a41f1f54-b764-45d4-b9ce-16ae3001be88-for-git_oc-mr1-release-4362737 snap-temp-L87100000106492125
Change-Id: I98f36eead57573104e1c879539f8913ab6cd2265
Change-Id: I98f36eead57573104e1c879539f8913ab6cd2265
Add userbuild() macro for user-build-only policy
Particularly useful for suppressing selinux logspam for debug-only
permissions.
Bug: 65843095
Test: build, boot, and run tests on user and userdebug builds.
Change-Id: I18ce0b2cf1e96ca037e93309dddb476a150b677f
Particularly useful for suppressing selinux logspam for debug-only
permissions.
Bug: 65843095
Test: build, boot, and run tests on user and userdebug builds.
Change-Id: I18ce0b2cf1e96ca037e93309dddb476a150b677f
Preserve hal_cas_server attribute
It's used in CTS neverallow tests.
Addresses:
Warning! Type or attribute hal_cas_server used in neverallow
undefined in policy being checked.
Bug: 66910049
Test: build
Change-Id: Ia185f266fc1e3cb87c39939fdd45d02efa6c2c94
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
It's used in CTS neverallow tests.
Addresses:
Warning! Type or attribute hal_cas_server used in neverallow
undefined in policy being checked.
Bug: 66910049
Test: build
Change-Id: Ia185f266fc1e3cb87c39939fdd45d02efa6c2c94
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
release-request-4f3e6ea6-241a-4b05-b30f-5977c3f8253d-for-git_oc-mr1-release-4357973 snap-temp-L90600000105740988
Change-Id: I044af07451a9208d8daa1d6d492c37d2cc524b2a
Change-Id: I044af07451a9208d8daa1d6d492c37d2cc524b2a
Remove domain_deprecated audit logging
These are no longer necessary as domain_deprecated has been
removed in AOSP master.
Bug: 66749762
Test: build
Merged-In: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a
Change-Id: I01878a4410f8cb3c97ff96c67845dfaa7b0051ce
These are no longer necessary as domain_deprecated has been
removed in AOSP master.
Bug: 66749762
Test: build
Merged-In: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a
Change-Id: I01878a4410f8cb3c97ff96c67845dfaa7b0051ce
release-request-336ddfb0-c762-4bda-8684-20198669642d-for-git_oc-mr1-release-4346879 snap-temp-L51800000104038734
Change-Id: I8712a3c281795ced6b2b1fbb1437722dffc35924
Change-Id: I8712a3c281795ced6b2b1fbb1437722dffc35924
Allow sensor hal to use wakelock
Added permission related to use of wake lock. Wakelock in sensor
HAL is used to gurantee delivery of wake up sensor events before
system go back to sleep.
Bug: 63995095
Test: QCOM and nanohub sensor hal are able to acquire wakelock
successfuly.
Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
Merged-In: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
Added permission related to use of wake lock. Wakelock in sensor
HAL is used to gurantee delivery of wake up sensor events before
system go back to sleep.
Bug: 63995095
Test: QCOM and nanohub sensor hal are able to acquire wakelock
successfuly.
Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
Merged-In: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
release-request-1f2fcfef-9736-44dc-8628-3ba96dac60db-for-git_oc-mr1-release-4343541 snap-temp-L73700000103533431
Change-Id: I16b931fc5c40ce2024719b1693d30c8117b828fa
Change-Id: I16b931fc5c40ce2024719b1693d30c8117b828fa
do not expand hal_cas attribute
Addresses:
junit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule:
neverallow { domain -adbd -dumpstate -hal_drm -hal_cas -init
-mediadrmserver -recovery -shell -system_server }
serialno_prop:file { getattr open read ioctl lock map };
Warning! Type or attribute hal_cas used in neverallow undefined in
policy being checked.
libsepol.report_failure: neverallow violated by allow mediaextractor
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow mediacodec
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow hal_cas_default
serialno_prop:file { ioctl read getattr lock map open };
libsepol.check_assertions: 3 neverallow failures occurred
Bug: 65681219
Test: build
Change-Id: I2a6445d6372ee4e768cc2cea2140c6de97707a74
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
Addresses:
junit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule:
neverallow { domain -adbd -dumpstate -hal_drm -hal_cas -init
-mediadrmserver -recovery -shell -system_server }
serialno_prop:file { getattr open read ioctl lock map };
Warning! Type or attribute hal_cas used in neverallow undefined in
policy being checked.
libsepol.report_failure: neverallow violated by allow mediaextractor
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow mediacodec
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow hal_cas_default
serialno_prop:file { ioctl read getattr lock map open };
libsepol.check_assertions: 3 neverallow failures occurred
Bug: 65681219
Test: build
Change-Id: I2a6445d6372ee4e768cc2cea2140c6de97707a74
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
release-request-957cd691-fb71-4770-8ff7-a3b9602655a5-for-git_oc-mr1-release-4314464 snap-temp-L54400000099147910
Change-Id: Ibc01371ae74f0b6fb1c2eb35b9f1a8dd6429fa1f
Change-Id: Ibc01371ae74f0b6fb1c2eb35b9f1a8dd6429fa1f
Merge "Give media.metrics service access to uid/pkg info" into oc-mr1-dev
Merge cherrypicks of [2836977, 2836171, 2836172, 2836173, 2836174, 2836978, 2836979] into oc-mr1-release
Change-Id: Iac019fd094fb2f6fc752abff02bb220d646578c8
Change-Id: Iac019fd094fb2f6fc752abff02bb220d646578c8
Revert "Add screencap domain."
This reverts commit f27bba93d1559c22c0c07f8e0bec4e4e5945e230.
Bug: 65206688
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
(cherry picked from commit 60e538377a4694c748bc2c8ac268c773f7889b9c)
This reverts commit f27bba93d1559c22c0c07f8e0bec4e4e5945e230.
Bug: 65206688
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
(cherry picked from commit 60e538377a4694c748bc2c8ac268c773f7889b9c)
Revert "Permissions for screencap saving files to /sdcard/"
This reverts commit c12c734932a3359ee6ae98859c40b355b151dc8d.
Bug: 65206688
Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
(cherry picked from commit f606a51e5aaa9bdee9db27cf95cbfa6a2c6acf89)
This reverts commit c12c734932a3359ee6ae98859c40b355b151dc8d.
Bug: 65206688
Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
(cherry picked from commit f606a51e5aaa9bdee9db27cf95cbfa6a2c6acf89)
Revert "Add permissions for screencap for dumpstate."
This reverts commit b5dd44b1ba22e47360714513bc78de6c5c23ec64.
Bug: 65206688
Change-Id: I00431ae7834a562e34e8959446d84a0077834091
(cherry picked from commit 9c571765d105a2781a375c9560883183d4853325)
This reverts commit b5dd44b1ba22e47360714513bc78de6c5c23ec64.
Bug: 65206688
Change-Id: I00431ae7834a562e34e8959446d84a0077834091
(cherry picked from commit 9c571765d105a2781a375c9560883183d4853325)
Merge "cgroup: allow associate to tmpfs" into oc-mr1-dev
Merge "Allow lmkd read memcg stats." into oc-mr1-dev
cgroup: allow associate to tmpfs
Allows groups to be mounted at /dev/memcg
Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0
Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
Allows groups to be mounted at /dev/memcg
Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0
Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
Allow lmkd read memcg stats.
Currently lmkd is not able to read memcg info. The mem/swap usage
info are used by lmkd to ugrade medium pressure events to critical
level.
Test: tested on gobo
Bug: 65180281
Change-Id: I19d0eb53d5e754c176ffeda1b5d07049e6af8570
Currently lmkd is not able to read memcg info. The mem/swap usage
info are used by lmkd to ugrade medium pressure events to critical
level.
Test: tested on gobo
Bug: 65180281
Change-Id: I19d0eb53d5e754c176ffeda1b5d07049e6af8570
Revert "Add screencap domain."
This reverts commit f27bba93d1559c22c0c07f8e0bec4e4e5945e230.
Bug: 65206688
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
This reverts commit f27bba93d1559c22c0c07f8e0bec4e4e5945e230.
Bug: 65206688
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
Revert "Permissions for screencap saving files to /sdcard/"
This reverts commit c12c734932a3359ee6ae98859c40b355b151dc8d.
Bug: 65206688
Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
This reverts commit c12c734932a3359ee6ae98859c40b355b151dc8d.
Bug: 65206688
Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
Revert "Add permissions for screencap for dumpstate."
This reverts commit b5dd44b1ba22e47360714513bc78de6c5c23ec64.
Bug: 65206688
Change-Id: I00431ae7834a562e34e8959446d84a0077834091
This reverts commit b5dd44b1ba22e47360714513bc78de6c5c23ec64.
Bug: 65206688
Change-Id: I00431ae7834a562e34e8959446d84a0077834091
Merge cherrypicks of [2830125, 2833486, 2833487, 2833488, 2831683, 2831684, 2832961] into oc-mr1-release
Change-Id: I6d0ae30e33758bffb903a1e628a3606bc02b111e
Change-Id: I6d0ae30e33758bffb903a1e628a3606bc02b111e
Add permissions for screencap for dumpstate.
screencap domain needs additional permissions for
dumpstate to dump screenshots.
Test: adb shell cmd activity bug-report
Bug: 65206688
Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
(cherry picked from commit b5dd44b1ba22e47360714513bc78de6c5c23ec64)
screencap domain needs additional permissions for
dumpstate to dump screenshots.
Test: adb shell cmd activity bug-report
Bug: 65206688
Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
(cherry picked from commit b5dd44b1ba22e47360714513bc78de6c5c23ec64)
Add permissions for screencap for dumpstate.
screencap domain needs additional permissions for
dumpstate to dump screenshots.
Test: adb shell cmd activity bug-report
Bug: 65206688
Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
screencap domain needs additional permissions for
dumpstate to dump screenshots.
Test: adb shell cmd activity bug-report
Bug: 65206688
Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
Merge cherrypicks of [2828380, 2830382, 2830383, 2830273, 2830093, 2830593] into oc-mr1-release
Change-Id: I082ddea7d3fc4ae11da079c8aaf6a4ace48ccada
Change-Id: I082ddea7d3fc4ae11da079c8aaf6a4ace48ccada
Permissions for screencap saving files to /sdcard/
Before screencap was in its own domain, it was able to do
this by using all of shell's permissions.
The following denials are caused (along with times from running the below test command)
when screencap is invoked to write a file onto the sdcard:
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I sh : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.589 4991 4991 I sh : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.741 575 575 E SELinux : avc: denied { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
08-30 21:03:32.749 837 837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1
If /data/media/ is deleted, the following denials also occur:
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 01:04:29.741 6625 6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
Test: adb shell screencap -p /sdcard/phone.png
Bug: 65206688
Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
(cherry picked from commit c12c734932a3359ee6ae98859c40b355b151dc8d)
Before screencap was in its own domain, it was able to do
this by using all of shell's permissions.
The following denials are caused (along with times from running the below test command)
when screencap is invoked to write a file onto the sdcard:
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I sh : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.589 4991 4991 I sh : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.741 575 575 E SELinux : avc: denied { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
08-30 21:03:32.749 837 837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1
If /data/media/ is deleted, the following denials also occur:
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 01:04:29.741 6625 6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
Test: adb shell screencap -p /sdcard/phone.png
Bug: 65206688
Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
(cherry picked from commit c12c734932a3359ee6ae98859c40b355b151dc8d)
Give media.metrics service access to uid/pkg info
relax the sepolicy for media.metrics to allow access to
package manager for uid->packagename mapping functionality.
Bug: 65027506
Test: read output of 'dumpsys media.metrics'
Change-Id: I0d25af16c06dc65154cfda854e28ab70ada097c4
relax the sepolicy for media.metrics to allow access to
package manager for uid->packagename mapping functionality.
Bug: 65027506
Test: read output of 'dumpsys media.metrics'
Change-Id: I0d25af16c06dc65154cfda854e28ab70ada097c4
Permissions for screencap saving files to /sdcard/
Before screencap was in its own domain, it was able to do
this by using all of shell's permissions.
The following denials are caused (along with times from running the below test command)
when screencap is invoked to write a file onto the sdcard:
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I sh : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.589 4991 4991 I sh : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.741 575 575 E SELinux : avc: denied { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
08-30 21:03:32.749 837 837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1
If /data/media/ is deleted, the following denials also occur:
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 01:04:29.741 6625 6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
Test: adb shell screencap -p /sdcard/phone.png
Bug: 65206688
Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
Before screencap was in its own domain, it was able to do
this by using all of shell's permissions.
The following denials are caused (along with times from running the below test command)
when screencap is invoked to write a file onto the sdcard:
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I sh : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.589 4991 4991 I sh : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.741 575 575 E SELinux : avc: denied { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
08-30 21:03:32.749 837 837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1
If /data/media/ is deleted, the following denials also occur:
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 01:04:29.741 6625 6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
Test: adb shell screencap -p /sdcard/phone.png
Bug: 65206688
Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
release-request-81b48854-d0e0-49af-bcf2-857273cbb8dc-for-git_oc-mr1-release-4306444 snap-temp-L17300000097872583
Change-Id: I19e0798e10f1f9616d155b1c3e830eed60c893dc
Change-Id: I19e0798e10f1f9616d155b1c3e830eed60c893dc
Merge "Fix typo in servicemanager policy." into oc-mr1-dev
Merge "Move Broadcast Radio HAL to a separate binary." into oc-mr1-dev
release-request-5f16c261-dcc8-4c4f-a0bd-deb507084f3d-for-git_oc-mr1-release-4303954 snap-temp-L56100000097484036
Change-Id: I6963fb2988b816632e0d51daa44157aed05ff52a
Change-Id: I6963fb2988b816632e0d51daa44157aed05ff52a
Merge "Allow all domains to stat symlinks in sysfs" into oc-mr1-dev
Allow all domains to stat symlinks in sysfs
This is needed to retain app's previous access to
/sys/devices/system/cpu. When these files were previously
labeled in file_contexts, symlinks were labeled as
sysfs_devices_system_cpu. When labeling was moved to genfs_contexts
symlinks all have the default sysfs label.
avc: denied { getattr } for comm="main"
path="/sys/devices/system/cpu/cpu0/cpufreq" dev="sysfs" ino=41897
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0
Change-Id: Idaa565390bca13d3819e147fcea4214956c0f589
Bug: 64270911
Test: build aosp_marlin
(cherry picked from commit 8d021a9496aebfadb0113f3d4f45e3331fbde7fa)
This is needed to retain app's previous access to
/sys/devices/system/cpu. When these files were previously
labeled in file_contexts, symlinks were labeled as
sysfs_devices_system_cpu. When labeling was moved to genfs_contexts
symlinks all have the default sysfs label.
avc: denied { getattr } for comm="main"
path="/sys/devices/system/cpu/cpu0/cpufreq" dev="sysfs" ino=41897
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0
Change-Id: Idaa565390bca13d3819e147fcea4214956c0f589
Bug: 64270911
Test: build aosp_marlin
(cherry picked from commit 8d021a9496aebfadb0113f3d4f45e3331fbde7fa)
Move Broadcast Radio HAL to a separate binary.
Bug: 63600413
Test: VTS, instrumentation, audit2allow
Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
Bug: 63600413
Test: VTS, instrumentation, audit2allow
Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
release-request-c924aaac-f0a2-4215-8dc4-e314f22460d9-for-git_oc-mr1-release-4301796 snap-temp-L23200000097143969
Change-Id: I27193431fb61a6c2eb7410b815f90ae577477e5b
Change-Id: I27193431fb61a6c2eb7410b815f90ae577477e5b
Merge "O MR1 is API 27" into oc-mr1-dev
Merge "Fix label on /dev/input" into oc-mr1-dev
Fix label on /dev/input
Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/
to /dev/input which no longer matches the regex in core policy
file_contexts. Fix the regex to match /dev/input and /dev/input/.
avc: denied { read } for name="input" dev="tmpfs" ino=14092
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs"
ino=14092 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=dir
Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials
Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/
to /dev/input which no longer matches the regex in core policy
file_contexts. Fix the regex to match /dev/input and /dev/input/.
avc: denied { read } for name="input" dev="tmpfs" ino=14092
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs"
ino=14092 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=dir
Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials
Merge "sepolicy: Define and allow map permission for vendor dir" into oc-mr1-dev
Merge "hal_configstore: use crash_dump fallback path" into oc-mr1-dev
sepolicy: Define and allow map permission for vendor dir
This patch tries to provide similar functionality as the previous
change made here:
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/
Only, making sure we add the same map permissions for the vendor
directory.
Signed-off-by: John Stultz <john.stultz@linaro.org>
(cherry picked from commit 24537b2e9607dbc7aaf3687a9d6031cc811c06f0)
Bug: 65011018
Test: policy compiles.
Change-Id: I4d0319011ef4ef043134bf299dc4823a6c418717
This patch tries to provide similar functionality as the previous
change made here:
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/
Only, making sure we add the same map permissions for the vendor
directory.
Signed-off-by: John Stultz <john.stultz@linaro.org>
(cherry picked from commit 24537b2e9607dbc7aaf3687a9d6031cc811c06f0)
Bug: 65011018
Test: policy compiles.
Change-Id: I4d0319011ef4ef043134bf299dc4823a6c418717
hal_configstore: use crash_dump fallback path
Configstore HAL uses a seccomp filter which blocks the standard
path of execing crash_dump to collect crash data. Add permission
to use crash_dump's fallback mechanism.
Allowing configstore to write to the socket provided by tombstoned
required either exempting configstore from a neverallow rule, or
removing the neverallow rule entirely. Since the neverallow rule
could potentially prevent partners for doing security hardening,
it has been removed.
Bug: 64768925
Bug: 36453956
Test: killall -ABRT android.hardware.configstore@1.1-service
Results in a call stack in logcat, and tombstone in
/data/tombstones
Test: configstore runs without crashing
Test: SANITIZE_TARGET="address coverage" make vts -j64
vts-tradefedrun commandAndExit vts --skip-all-system-status-check \
-primary-abi-only --skip-preconditions -l VERBOSE --module \
VtsHalConfigstoreV1_0IfaceFuzzer
Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
(cherry picked from commit 9924d782ef31759e48b7d95bafff218ec98d5ae0)
Configstore HAL uses a seccomp filter which blocks the standard
path of execing crash_dump to collect crash data. Add permission
to use crash_dump's fallback mechanism.
Allowing configstore to write to the socket provided by tombstoned
required either exempting configstore from a neverallow rule, or
removing the neverallow rule entirely. Since the neverallow rule
could potentially prevent partners for doing security hardening,
it has been removed.
Bug: 64768925
Bug: 36453956
Test: killall -ABRT android.hardware.configstore@1.1-service
Results in a call stack in logcat, and tombstone in
/data/tombstones
Test: configstore runs without crashing
Test: SANITIZE_TARGET="address coverage" make vts -j64
vts-tradefedrun commandAndExit vts --skip-all-system-status-check \
-primary-abi-only --skip-preconditions -l VERBOSE --module \
VtsHalConfigstoreV1_0IfaceFuzzer
Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
(cherry picked from commit 9924d782ef31759e48b7d95bafff218ec98d5ae0)
release-request-369362fc-cc6c-4cb1-95c0-90b5ac7c52cb-for-git_oc-mr1-release-4288633 snap-temp-L81700000095141745
Change-Id: I40e327f7d8496ec91b2564dc7270e863058aff3f
Change-Id: I40e327f7d8496ec91b2564dc7270e863058aff3f
Merge "Moving adbd from rootdir to system/bin" into oc-mr1-dev
Merge changes from topic "app_visible_hals" into oc-mr1-dev
* changes:
DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
* changes:
DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
Bug: 62658302
Test: Boot device and observe no new denials
Change-Id: If9a21610897b14a419f276289818127412c29c55
Signed-off-by: Sandeep Patil <sspatil@google.com>
Bug: 62658302
Test: Boot device and observe no new denials
Change-Id: If9a21610897b14a419f276289818127412c29c55
Signed-off-by: Sandeep Patil <sspatil@google.com>
DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
Vendor HAL extentsions are currently allowed to discover hardware
services that are labelled with 'untrusted_app_visible_hwservice'.
However, the policy doesn't allow these apps to talk to these services.
This CL makes sure that is now possible via the
'untrusted_app_visible_halserver' attribute for vendor domains that host
such a service.
Bug: 64382381
Test: Boot device and observe no new denials.
Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b
Signed-off-by: Sandeep Patil <sspatil@google.com>
Vendor HAL extentsions are currently allowed to discover hardware
services that are labelled with 'untrusted_app_visible_hwservice'.
However, the policy doesn't allow these apps to talk to these services.
This CL makes sure that is now possible via the
'untrusted_app_visible_halserver' attribute for vendor domains that host
such a service.
Bug: 64382381
Test: Boot device and observe no new denials.
Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b
Signed-off-by: Sandeep Patil <sspatil@google.com>
release-request-edd71ba9-6f93-47be-957d-774c9d43a2dc-for-git_oc-mr1-release-4281935 snap-temp-L68100000094184972
Change-Id: I394f82ab9f7fdfc5cd08ed05cde86f3913ace9c7
Change-Id: I394f82ab9f7fdfc5cd08ed05cde86f3913ace9c7
Merge "Enable performanced to talk to the permission service." into oc-mr1-dev
Merge "treble sepolicy tests: Add removed attribute check." into oc-mr1-dev
Enable performanced to talk to the permission service.
Performanced needs to talk to the permission service to verify
permissions of clients to access certain restricted scheduler
policies.
Bug: 64337476
Test: performance_service_tests passes; logs do not contain avc
denials for performanced -> permission service.
Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9
Performanced needs to talk to the permission service to verify
permissions of clients to access certain restricted scheduler
policies.
Bug: 64337476
Test: performance_service_tests passes; logs do not contain avc
denials for performanced -> permission service.
Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9
Merge "Make sepolicy-analyze for GTS." into oc-mr1-dev
DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
This reverts commit ceed720415bc9c4a431af5cfc86aef814c3a91cc.
New HALs services that are added in the policy while the CL was reverted
will are not made visible to applications by default. They are:
hal_neuralnetworks_hwservice
hal_wifi_offload_hwservice
system_net_netd_hwservice
thermalcallback_hwservice
Bug: 64578796
Test: Boot device
Change-Id: I84d65baddc757a5b0a38584430eff79a383aa8e0
Signed-off-by: Sandeep Patil <sspatil@google.com>
This reverts commit ceed720415bc9c4a431af5cfc86aef814c3a91cc.
New HALs services that are added in the policy while the CL was reverted
will are not made visible to applications by default. They are:
hal_neuralnetworks_hwservice
hal_wifi_offload_hwservice
system_net_netd_hwservice
thermalcallback_hwservice
Bug: 64578796
Test: Boot device
Change-Id: I84d65baddc757a5b0a38584430eff79a383aa8e0
Signed-off-by: Sandeep Patil <sspatil@google.com>
treble sepolicy tests: Add removed attribute check.
Make sure that any attributes removed from policy are declared
in the mapping file, in case they are relied upon by vendor
policy.
Bug: 36899958
Test: Builds successfull, but not with removed attribute not
in mapping file.
Change-Id: I25526cd88a50e90513ae298ccf4f2660e4627fb4
Make sure that any attributes removed from policy are declared
in the mapping file, in case they are relied upon by vendor
policy.
Bug: 36899958
Test: Builds successfull, but not with removed attribute not
in mapping file.
Change-Id: I25526cd88a50e90513ae298ccf4f2660e4627fb4
Fix typo in servicemanager policy.
Bug: Bug: 36866029
Test: builds
Change-Id: I520bd6f4af9278f7991950ccc4827928679c5927
Bug: Bug: 36866029
Test: builds
Change-Id: I520bd6f4af9278f7991950ccc4827928679c5927
release-request-a0f7506a-1cd6-4a03-927b-8d29e0c545e6-for-git_oc-mr1-release-4277764 snap-temp-L23600000093606242
Change-Id: I628137cd34097ea826f4a00b097f24e588626b31
Change-Id: I628137cd34097ea826f4a00b097f24e588626b31
Moving adbd from rootdir to system/bin
Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started
Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79
Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started
Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79
Make sepolicy-analyze for GTS.
Test: gts-tradefed run gts-dev --module=GtsSecurityHostTestCases
Bug: 64127136
Change-Id: Ib50294488bb1a5d46faed00d6954db64648fed20
Test: gts-tradefed run gts-dev --module=GtsSecurityHostTestCases
Bug: 64127136
Change-Id: Ib50294488bb1a5d46faed00d6954db64648fed20
Merge "treble compat: Add test for removed public types without compat entry." into oc-mr1-dev
release-request-e73a0a41-91c3-4249-808e-8d196d54a344-for-git_oc-mr1-release-4273744 snap-temp-L04700000093069831
Change-Id: Idc776c3c42073f99d9895c850bf8233ba26a033e
Change-Id: Idc776c3c42073f99d9895c850bf8233ba26a033e
Move compatibility files out of prebuilts dir.
The treble compatibility tests check for policy differences between old
and new policy. To do this correctly, we must not modify the policy which
represents the older policies. Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5
Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372
The treble compatibility tests check for policy differences between old
and new policy. To do this correctly, we must not modify the policy which
represents the older policies. Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5
Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372
release-request-b6ae8e74-f78b-4723-80a8-cc8f0e04d002-for-git_oc-mr1-release-4270486 snap-temp-L29800000092584324
Change-Id: I85e24a473a6b2c267961c115f9994c133d80535d
Change-Id: I85e24a473a6b2c267961c115f9994c133d80535d
Merge "move e2fs rules from private to public" into oc-mr1-dev
release-request-68cc9b2a-98ae-4fbf-8b56-3e535855f399-for-git_oc-mr1-release-4269864 snap-temp-L25700000092502312
Change-Id: Ibe0f3b5ed8207ea84e5bcb9cd2fcafb81323df50
Change-Id: Ibe0f3b5ed8207ea84e5bcb9cd2fcafb81323df50
Merge "Prevent access to nonplat_service_contexts on full_treble." into oc-mr1-dev
Merge "Add missing attribute to compatibility file." into oc-mr1-dev
Add missing attribute to compatibility file.
untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP. It was removed from mr1
and so needs to be accounted for in the compatibility mapping.
Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6
untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP. It was removed from mr1
and so needs to be accounted for in the compatibility mapping.
Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6
Add screencap domain.
Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;
Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;
Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
Prevent access to nonplat_service_contexts on full_treble.
On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.
Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).
Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9
On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.
Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).
Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9
move e2fs rules from private to public
Allow vendors to extend e2fs rules to format other partitions.
Bug: 64430395
Change-Id: I51566f72dea814af97b1fedbd4618cd4095d64c3
Allow vendors to extend e2fs rules to format other partitions.
Bug: 64430395
Change-Id: I51566f72dea814af97b1fedbd4618cd4095d64c3
treble compat: Add test for removed public types without compat entry.
Also fix up set() additions in mini_parser.py and add global reference to
the parser in tests for clarity.
Bug: 36899958
Test: rm public type in old policy from policy and observe test failure.
Change-Id: I6cba2473526798be871cd69249c9bbc6df2c5b4c
Also fix up set() additions in mini_parser.py and add global reference to
the parser in tests for clarity.
Bug: 36899958
Test: rm public type in old policy from policy and observe test failure.
Change-Id: I6cba2473526798be871cd69249c9bbc6df2c5b4c
release-request-9ff446ef-fe26-4f50-a0f0-c1d38619140f-for-git_oc-mr1-release-4257899 snap-temp-L58400000090817127
Change-Id: I7510ed169016f60d24acdb9f14dcbfba52883e73
Change-Id: I7510ed169016f60d24acdb9f14dcbfba52883e73
Add 26.0 api compatibility check infrastructure.
Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry. This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access. It also should prove the basis for additional compatibility
checks between old and new policies.
Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c
Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry. This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access. It also should prove the basis for additional compatibility
checks between old and new policies.
Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c
Merge "Fix thermalserviced_tmpfs compat recording mistake." into oc-mr1-dev
Fix thermalserviced_tmpfs compat recording mistake.
Commit: 2490f1adad4b9b89639926ddd5be91f46d1f6b84 meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead. Fix this.
(cherry-pick of commit: fbacc656be1b8e2dbade14edf91d8b972678291d)
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935
Commit: 2490f1adad4b9b89639926ddd5be91f46d1f6b84 meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead. Fix this.
(cherry-pick of commit: fbacc656be1b8e2dbade14edf91d8b972678291d)
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935
Merge "Allow PackageManager to create a new service" into oc-mr1-dev
release-request-c8b8af6b-4899-402a-9ff7-72255ba5300b-for-git_oc-mr1-release-4253898 snap-temp-L09600000090287887
Change-Id: Ib5b3882ef5b308bc333dae3ca707c49ebc5b2b17
Change-Id: Ib5b3882ef5b308bc333dae3ca707c49ebc5b2b17
Allow PackageManager to create a new service
A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.
Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41
A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.
Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41
Record thermalserviced_tmpfs for compat infrastructure.
Commit: ec3b6b7e25f709fcc9c177beebafae885d641f6d added a new daemon
and corresponding types to sepolicy. The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review. Add it as well.
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1adad4b9b89639926ddd5be91f46d1f6b84)
Commit: ec3b6b7e25f709fcc9c177beebafae885d641f6d added a new daemon
and corresponding types to sepolicy. The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review. Add it as well.
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1adad4b9b89639926ddd5be91f46d1f6b84)
thermal: sepolicy for thermalservice and Thermal HAL revision 1.1
Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.
Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e25f709fcc9c177beebafae885d641f6d)
Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.
Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e25f709fcc9c177beebafae885d641f6d)
release-request-ca4ad653-1655-436a-b65c-2527b02ae5f2-for-git_oc-mr1-release-4241196 snap-temp-L48200000088705722
Change-Id: I9489e24ed993d9804dfa16966d3c4ba079975142
Change-Id: I9489e24ed993d9804dfa16966d3c4ba079975142
Merge "Allow untrusted apps to read apks" into oc-mr1-dev
Merge changes Ibad30515,If360eb9e into oc-mr1-dev
* changes:
Fix CoredomainViolators typo and clean up test option parsing.
Record hal_wifi_offload_hwservice type for compatibility.
* changes:
Fix CoredomainViolators typo and clean up test option parsing.
Record hal_wifi_offload_hwservice type for compatibility.
release-request-ceffd4a6-d719-491c-b078-6ce33cda5fb8-for-git_oc-mr1-release-4237114 snap-temp-L83200000088245566
Change-Id: I06245b2686da44715645120ce86dabc3845c0013
Change-Id: I06245b2686da44715645120ce86dabc3845c0013