Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-01-12 | DO NOT MERGE: Further restrict access to socket ioctl commands am: ↵android-6.0.1_r45android-6.0.1_r25android-6.0.1_r24android-6.0.1_r22android-6.0.1_r21marshmallow-dr1.5-releasemarshmallow-dr1.5-dev | Jeff Vander Stoep | |
57531cacb4 am: c0ce53cc8d am: f290a2ddd0 * commit 'f290a2ddd08e9b27fbded7a999238b2ae4517bf5': DO NOT MERGE: Further restrict access to socket ioctl commands | |||
2016-01-12 | DO NOT MERGE: Further restrict access to socket ioctl commands am: 57531cacb4 | Jeff Vander Stoep | |
am: c0ce53cc8d * commit 'c0ce53cc8d4538b9215702df1c6f5208cf415cda': DO NOT MERGE: Further restrict access to socket ioctl commands | |||
2016-01-12 | DO NOT MERGE: Further restrict access to socket ioctl commands | Jeff Vander Stoep | |
am: 57531cacb4 * commit '57531cacb40682be4b1189c721fd1e7f25bf3786': DO NOT MERGE: Further restrict access to socket ioctl commands | |||
2016-01-05 | DO NOT MERGE: Further restrict access to socket ioctl commands | Jeff Vander Stoep | |
Remove untrusted/isolated app access to device private commands. Only allow shell user to access unprivileged socket ioctl commands. Bug: 26324307 Bug: 26267358 Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2 | |||
2015-12-18 | Add policies for system_server to delete fpdata folder | Amith Yamasani | |
Bug: 26211308 Change-Id: I8fd2d14ea52d49a33e6cdbcdf90630eea89f7dd0 | |||
2015-10-29 | Enable permission checking by binderservicedomain. | dcashman | |
am: 32d207e042 * commit '32d207e042c280a1d230e180dc6d49aba3b0248c': Enable permission checking by binderservicedomain. | |||
2015-10-29 | Enable permission checking by binderservicedomain. | dcashman | |
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b | |||
2015-10-22 | Merge "Revert "Update sepolicy to allow ThermalObserver system service"" ↵ | Anthony Hugh | |
into cw-e-dev | |||
2015-10-22 | Revert "Update sepolicy to allow ThermalObserver system service" | Anthony Hugh | |
This reverts commit cda36e31d162bbab78b19c61c166e15f18815788. This will be moved to a device specific file. BUG: 24555181 Change-Id: I0eb543211245c37da77bbf42449f70ff3fdf79ec | |||
2015-10-21 | Merge remote-tracking branch \'goog/mnc-cts-release\' into HEAD am: ↵ | Bill Yi | |
7d20f40879 am: a8bbe96d8b am: 5eac92174c * commit '5eac92174c8a036e088337c1c44f1ea84ab59b0f': | |||
2015-10-21 | Merge remote-tracking branch \'goog/mnc-cts-release\' into HEAD am: 7d20f40879marshmallow-mr1-dev | Bill Yi | |
am: a8bbe96d8b * commit 'a8bbe96d8b3fc76bd36e7f6582b79c94a7ecaa80': | |||
2015-10-21 | Merge remote-tracking branch \'goog/mnc-cts-release\' into HEAD | Bill Yi | |
am: 7d20f40879 * commit '7d20f40879d1cdcc39dc6e876371020c258d5a86': | |||
2015-10-21 | Merge remote-tracking branch 'goog/mnc-cts-release' into HEADandroid-cts-6.0_r7android-cts-6.0_r6android-cts-6.0_r5android-cts-6.0_r4android-cts-6.0_r3android-cts-6.0_r2 | Bill Yi | |
2015-10-19 | Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into ↵ | Nick Kralevich | |
mnc-dr-dev am: 6ab438dc8b * commit '6ab438dc8b4c8b661c8209ecfb66b626b8bdc532': untrusted_apps: Allow untrusted apps to find healthd_service. | |||
2015-10-19 | Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into ↵ | Nick Kralevich | |
mnc-dr-dev | |||
2015-10-19 | untrusted_apps: Allow untrusted apps to find healthd_service. | Ruchi Kandoi | |
This allows apps to find the healthd service which is used to query battery properties. Bug: 24759218 Change-Id: I72ce5a28b2ffd57aa424faeb2d039b6c92f9597d Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com> | |||
2015-10-14 | am 9fcc949f: am 63af426a: bluetooth.te: Relax bluetooth neverallow rule. am: ↵ | Nick Kralevich | |
33a779fecb * commit '9fcc949f3ca6c2a6d968f3bde57c8ce89f5d9bc6': bluetooth.te: Relax bluetooth neverallow rule. | |||
2015-10-14 | am 63af426a: bluetooth.te: Relax bluetooth neverallow rule. am: 33a779fecb | Nick Kralevich | |
* commit '63af426a6ebc5c340a7144164f7458b35002d6f5': bluetooth.te: Relax bluetooth neverallow rule. | |||
2015-10-14 | bluetooth.te: Relax bluetooth neverallow rule. | Nick Kralevich | |
am: 33a779fecb * commit '33a779fecbdaa87756922adc690b4e38382d8e5f': bluetooth.te: Relax bluetooth neverallow rule. | |||
2015-10-14 | bluetooth.te: Relax bluetooth neverallow rule. | Nick Kralevich | |
Bug: 24866874 Change-Id: Ic13ad4d3292fe8284e5771a28abaebb0ec9590f0 | |||
2015-09-24 | Update sepolicy to allow ThermalObserver system service | Bryce Lee | |
Bug: 21445745 Change-Id: I59fd20f61a5e669e000f696f3738cc11071920aa | |||
2015-09-15 | am 48dae29f: Merge "Allow system_server to bind ping sockets." into mnc-dr-dev | Lorenzo Colitti | |
* commit '48dae29f9a046b328b49abd2073e134d7c29b274': Allow system_server to bind ping sockets. | |||
2015-09-15 | Merge "Allow system_server to bind ping sockets." into mnc-dr-devmarshmallow-dr-dev | Lorenzo Colitti | |
2015-09-14 | Allow system_server to bind ping sockets. | Lorenzo Colitti | |
This allows NetworkDiagnostics to send ping packets from specific source addresses in order to detect reachability problems on the reverse path. This addresses the following denial: [ 209.744636] type=1400 audit(1441805730.510:14): avc: denied { node_bind } for pid=8347 comm="Thread-202" saddr=2400:xxxx:xxxx:xxxx:40b1:7e:a1d7:b3ae scontext=u:r:system_server:s0 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0 Bug: 23661687 (cherry picked from commit c37121436be95ae2ed75cb83605940455446ef4e) Change-Id: Ia93c14bc7fec17e2622e1b48bfbf591029d84be2 | |||
2015-09-11 | am 0b764ae9: Allow untrusted_app to list services. | dcashman | |
* commit '0b764ae98a7fe452690616b7d722a63bb7cd5fa8': Allow untrusted_app to list services. | |||
2015-09-10 | Allow untrusted_app to list services. | dcashman | |
CTS relies on the ability to see all services on the system to make sure the dump permission is properly enforced on all services. Allow this. Bug: 23476772 Change-Id: I144b825c3a637962aaca59565c9f567953a866e8 | |||
2015-08-31 | DO NOT MERGE Grant Bluetooth the ability to acquire wake locks. | Sharvil Nanavati | |
Bug: 23375670 Change-Id: I0454c580b465a2f0edc928cf0effb71733866f03 | |||
2015-08-28 | am 4496a389: am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept ↵ | dcashman | |
command-line input for neverallow-check. * commit '4496a389b6efd95b174deb8503b8cbb6fcf0a5c5': | |||
2015-08-28 | am f84c740b: am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: ↵ | Nick Kralevich | |
relax netlink_socket neverallow rule * commit 'f84c740bff723ddfaf9fd3fde89ca3d752236b52': | |||
2015-08-28 | am 5e911116: am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add ↵ | Stephen Smalley | |
neverallow checking to sepolicy-analyze. * commit '5e911116a73d02dc5f170ed969fa9469b1a105c8': | |||
2015-08-28 | am 7dea3ae2: am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add ↵ | Jeff Hao | |
permissions to read symlinks from dalvik cache. * commit '7dea3ae2f1d850e56e0b21a8b9811fd150af7d07': | |||
2015-08-28 | am c80e805c: am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge ↵ | Jeff Hao | |
"zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev * commit 'c80e805ca0f2784d2fe344858321eeabeac9d6b1': | |||
2015-08-28 | am eced16c0: am fd352211: am f83e617f: am 4008b6c6: am b7934922: allow ↵ | Nick Kralevich | |
run-as to access /data/local/tmp * commit 'eced16c05311f46f21fdf6f3d675abf45ff40dd4': | |||
2015-08-28 | am 8ef2fed6: am d5d55306: am 330dd6e4: am 0edbecf2: am 7cd346a7: am ↵ | Nick Kralevich | |
0055ea90: Allow recovery to create device nodes and modify rootfs * commit '8ef2fed64f362ae79f434172c4561e093f9b5d48': | |||
2015-08-28 | am 58aa4481: am f992c4fa: am aa03e496: am e2ba13b9: am 7adc8cfe: Allow adbd ↵ | Nick Kralevich | |
to write to /data/adb * commit '58aa4481d34f165e30cc2d33a5d63b99ade4d2cf': | |||
2015-08-28 | am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line ↵ | dcashman | |
input for neverallow-check. * commit '78b54b5ddf8242be40ec26d543333bf82f7479a2': | |||
2015-08-28 | am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax ↵ | Nick Kralevich | |
netlink_socket neverallow rule * commit 'ed21ab14105d013bef84e97bc2c2f26499170312': | |||
2015-08-28 | am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking ↵ | Stephen Smalley | |
to sepolicy-analyze. * commit 'f35d737de36b78de5507c3bb09100a42892171c0': | |||
2015-08-28 | am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to ↵ | Jeff Hao | |
read symlinks from dalvik cache. * commit '22db098eb763fc8993d0f451aab9dc8a1edd78f8': | |||
2015-08-28 | am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: ↵ | Jeff Hao | |
Grant additional symlink permissions" into lmp-sprout-dev * commit 'f08d04464ac29a17602a625b7d216b01b279c5a5': | |||
2015-08-28 | am fd352211: am f83e617f: am 4008b6c6: am b7934922: allow run-as to access ↵ | Nick Kralevich | |
/data/local/tmp * commit 'fd352211d7c84447c4e058bd6208e0a11cdd4a2b': | |||
2015-08-28 | am d5d55306: am 330dd6e4: am 0edbecf2: am 7cd346a7: am 0055ea90: Allow ↵ | Nick Kralevich | |
recovery to create device nodes and modify rootfs * commit 'd5d5530616af213918140e08aa17095d2861dee2': | |||
2015-08-28 | am f992c4fa: am aa03e496: am e2ba13b9: am 7adc8cfe: Allow adbd to write to ↵ | Nick Kralevich | |
/data/adb * commit 'f992c4fa90b77e3acb5d4fce82dab04a5e497f64': | |||
2015-08-28 | am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line input for ↵android-cts-5.1_r9android-cts-5.1_r8android-cts-5.1_r7android-cts-5.1_r6android-cts-5.1_r5android-cts-5.1_r4android-cts-5.1_r3android-cts-5.1_r28android-cts-5.1_r27android-cts-5.1_r26android-cts-5.1_r25android-cts-5.1_r24android-cts-5.1_r23android-cts-5.1_r22android-cts-5.1_r21android-cts-5.1_r20android-cts-5.1_r19android-cts-5.1_r18android-cts-5.1_r17android-cts-5.1_r16android-cts-5.1_r15android-cts-5.1_r14android-cts-5.1_r13android-cts-5.1_r10lollipop-mr1-cts-releaselollipop-mr1-cts-dev | dcashman | |
neverallow-check. * commit 'bf323ff8037e92cdb0bb215aeec6f5c6142c74a2': | |||
2015-08-28 | am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax netlink_socket ↵ | Nick Kralevich | |
neverallow rule * commit 'c9b882dc9a4f190a4842ac6ced39d06d0c4e9ca0': | |||
2015-08-28 | am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking to ↵ | Stephen Smalley | |
sepolicy-analyze. * commit 'a669507e0cbf131963cb158ddf0727c52c1f3203': | |||
2015-08-28 | am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to read symlinks ↵ | Jeff Hao | |
from dalvik cache. * commit '5c190886bf094808c8a8ada5f0d675bd67033d3c': | |||
2015-08-28 | am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant ↵ | Jeff Hao | |
additional symlink permissions" into lmp-sprout-dev * commit '582620ae4c9f6216dcdfd6c6ca67fb94992d94c6': | |||
2015-08-28 | am f83e617f: am 4008b6c6: am b7934922: allow run-as to access /data/local/tmp | Nick Kralevich | |
* commit 'f83e617f48ac859411ae54004916aa4b215d530e': | |||
2015-08-28 | am 330dd6e4: am 0edbecf2: am 7cd346a7: am 0055ea90: Allow recovery to create ↵ | Nick Kralevich | |
device nodes and modify rootfs * commit '330dd6e4f6766f0d9a4b5d866417185e9753eef5': |