This commit updates the sepolicy items for N.
Unneeded policies are removed and CMTE related
policies are removed too (for now).
Change-Id: I733ab8861fad6d8eb0cbb6bf256e726b17eaab76
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Our healthd's support for power-on alarms adds some steps that imply
reading files its user doesn't own. Let it.
Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
* these denials happen globally on all caf devices using IOP
* move the fixes here
Change-Id: If59df8f7d8e74fd1a11436b4d1e1e9caa7527f17
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
This matches the policy for fsck.f2fs, although it still needs to run
as fsck_untrusted for public volumes
Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
If the "formattable" fstab flag is set, init will tries
to format that partition, added the required policy to allow it.
Change-Id: I858b06aa3ff3ce775cf7676b09b9960f2558f7f6
The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.
Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
There is no reason for the makefiles to be split up as they have
been. They are not long enough to be hard to oversee in a single
file and, arguably, are even easier to manage in a single file.
Additionally, the dependency updater has been rewritten to be a
bit more flexible with its inputs and outputs. The usage stays
exactly the same.
Conflicts:
configs/pa_extras.mk
configs/system.mk
main.mk
prebuilt/app/Android.mk
Change-Id: Ie26c3b89721d03825fa3116ab5fe0cae76ec55ab
No file should have mixed indents (tabs vs spaces) and no file should
be missing the newline at the end of the file. Kthx.
Change-Id: Ie9f7b856f4122be60ee47a9a29729e1da059264d
When vold mounts an ext4 sdcard, it needs to force the context to
sdcard_external.
avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem
avc: denied { relabelto } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
This is required for ASEC support. Vold can already create and
access directories, but do not yet have the permission for files.
Change-Id: I5082bbff692e5dc53c7000e4b3a293e42d33f901
installd need to query ASEC size on sdcard_external
to show on the Settings -> Apps page correctly.
Change-Id: I2d9a49b8f0652f05d73d0ff464a3835595e2cc3c
Alex Naidis
Evan Anderson
Alexis Rico
Ricardo Cerqueira
Steve Kondik
Jake Weinstein
thecrazyskull
Matthias Yzusqui
codeworkx
Ed Falk
dhacker29
Keith Mok
d34d
Valters Strods
Oliver Reiche
jrizzoli
jumoog
Pawit Pornkitprasan