Age | Commit message (Collapse) | Author |
|
|
|
When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage. However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain. Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.
Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
|
|
/data/local/tmp access was neverallowed in
https://android-review.googlesource.com/168051
Remove the allow rules for surfaceflinger.
Change-Id: Ic4fb3a646df158baa5a56de72ffc63fe9405531a
|
|
|
|
Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
|
|
|
|
Bug: http://b/15193147
Change-Id: Icde6cba4947ae17b92a7ddbd61a40f9ace839ed4
|
|
|
|
As suggested in the comments on
https://android-review.googlesource.com/#/c/141560/
drop BOARD_SEPOLICY_UNION and simplify the build_policy logic.
Union all files found under BOARD_SEPOLICY_DIRS.
Change-Id: I4214893c999c23631f5456cb1b8edd59771ef13b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit 'ace2942cb32c3faefb6c39dd75f31f8b695f76e4':
mako: label boot block device
|
|
|
|
Bug: 19534538
Change-Id: I0e309e2de0c9b0f44dc99408c0bf77c25c3518ec
|
|
* commit 'b361572153bb7ac48a64af185fc4521d8139a8dc':
Allow init to rm /dev/diag
|
|
|
|
* commit '02a28238898a65b712acfad8cd49d11ad2dc37b6':
remove useless attempt to chmod /system/bin/ip
|
|
* commit '0e7ddd0a86f8006501afd74463914054abcef353':
remove /dev/diag node
|
|
|
|
/system is mounted read-only. It's impossible for init to modify
the permissions on /system/bin/ip.
Change-Id: Iea21412f4729e446a6e34677a4399f4b671d3c9f
|
|
Commit 69e1ad839d8a89f55eb226a639c760ac09e7135a
(AOSP cherrypick 3ac5654c0a144eda4925c70e5c2f275e95c31e7c) ensures
that /dev/diag is always removed on boot. Allow for it in
SELinux policy.
Addresses the following denial:
audit(1422745424.741:5): avc: denied { unlink } for pid=1 comm="init" name="diag" dev="tmpfs" ino=8302 scontext=u:r:init:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
Change-Id: If20ae7eb64356c06e94873dec89fc1ca576fe74a
|
|
|
|
(cherrypicked from commit 69e1ad839d8a89f55eb226a639c760ac09e7135a)
Bug: 18203257
Change-Id: I7b9a2bdf0df6511317d59aa13fc187ab38795481
|
|
* commit '85d929d680bcd5af22245ef8cb8ef4f8269c8b00':
Fix "implicit declaration of function 'strerror'".
|
|
|
|
Change-Id: I9838226683077d7cecf568a9cec2a2bc98d1e37e
|
|
* commit 'c707b1d73e29aa8df2a6d2f666eca57e816b0f6e':
Camera: Add support to not queue all buffers up front
|
|
Camera HAL needs to call cancel_buffer on min_undequeued_buffers
preview buffers up front. That means not all preview buffers should
be queued into camera driver. This change adds the support.
Bug: 18630337
Change-Id: I794b0dcafa03ebfaddf4c68b66b09c74bbb206d0
|
|
* commit '5c6d74bb8fc04cdf47ebbc07c0b645d0c1c37646':
camera: Fix setting of HDR mode
|
|
In HDR mode, number of JPEG callbacks is set to 2, whereas it's set
to 1 in non-HDR mode. When switching between different camera modes
(camera, photosphere, panorama), make sure HDR mode is set correctly.
Bug: 18692917
Change-Id: I82056fc4d7e605f94bde9f126754d7f3536b2114
|
|
* commit '5590086e49e41c27fb239e6b0e79a30f342c36dd':
netmgrd: give explicit read access to /proc/net
|
|
|
|
We plan to remove /proc/net access from domain.te in a future
change. Make sure netmgrd doesn't depend on the rules in domain.te.
Bug: 9496886
Change-Id: I0f373cd02156c438243074b06b8fb7d8a3b69054
|
|
* commit 'f4c4ecd63907e27e702317dca21b3b81be826347':
Remove obsolete dalvik.gc.type-precise
|
|
|
|
Bug: 18895001
(cherry picked from commit 496da827c7c4523610b6a279803465aadaf59998)
Change-Id: If44229824f853a875ad4867eabd1712de6c95bd5
|
|
Bug: 18895001
Change-Id: Iea2ccbfd853c5f982d7792d79cc1df789dcbd91c
|
|
* commit '4d383c60d9423729b12bbdbc684b5df35c20c1f6':
Fix clang -Wc++11-narrowing warnings.
|
|
|
|
* commit '163b25f287a9dabb4af39139108b16e0c5e495b2':
Cleanup Obsolete LOCAL_PRELINK_MODULE.
|
|
|
|
Bug: 18675947
Change-Id: I82141525346a49411381774f37da17242e224e0d
|
|
Clang compiler gives warning to implicit conversions of
literal structure fields, although the compiler generated
implicit conversions are what we want in these cases.
Change-Id: Ibd987b4b4403920bb54452f7f433c432968478c2
|
|
* commit '6ce1b13b76004d63f31379d560e6e327c5e12382':
Conn_init: Fix unused variable
|
|
|
|
Bug: 18632512
Change-Id: I42e0169f762f30f7486170430eb1e472cfe620d8
|
|
* commit '4dc1f8cec363906c5e3a5558cf66e0c65160c388':
camera: Fix memory leak in HDR mode
|
|
The hdr YUV buffer counter should be incremented for every YUV
callback received.
b/18429991 Camera: ~40 MB memory leak per capture on N4 when using HDR mode
Change-Id: If90c931ebc9e87984bbe4b1d6f7934fd7f5daab9
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|
* commit 'ecdb82be65723f89a60bccf2a5069041d83e8713':
mako: Update APN info for Euskaltel, Carrefour, R_CABLE, ALTEL
|
|
Update APN info for the following operators:
[214 03 Euskaltel] - add APNs
[214 03 Carrefour] - update APNs
[214 06 R_CABLE] - update APNs
[240 01 Halebop] - APN add.
[240 07 TELE2] - update APNs.
[293 70 tusmobil] - add APNs.
[401 07 ALTEL] - add APN
[520 04 TrueMove] - add APN
[520 05 dtac] - add APN
TD: 126954, 129802, 129830, 134125, 126234, 126235, 127223
Bug: 18440267
Change-Id: I1b9370f4263943ceaa2539f4e3599eba935cd482
|
|
* commit '5b2d9248e0e5787cf5f1b08925da0b545093c58c':
Remove lge/mako no-op.
|