| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| |
| | |
/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients
Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
|
| |
| |
| |
| | |
Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
|
| |
| |
| |
| |
| |
| | |
Added in patch e9c2de0679f16a8ba7291aaf2cd4286bef8b2886 but not included
Change-Id: I2ae901a7c80fceb33dba2ed4122d2aa47bff5a51
|
| |
| |
| |
| |
| | |
Change-Id: I6e6feae5fe6b4092c137ee2337c4a15b390df45e
Signed-off-by: Roman Birg <roman@cyngn.com>
|
| |
| |
| |
| | |
Change-Id: I7675b302723ef8700067ae9ef237daf6346a6627
|
| |
| |
| |
| | |
Change-Id: I2860f469480b082511e30530aed8a9027e9fe4b9
|
| |
| |
| |
| | |
Change-Id: I800584af2919e3397b19d229fc28ad50cc4b2730
|
| |
| |
| |
| |
| |
| | |
* Needed for custom keyhandler.
Change-Id: Ifa57ad81951f9e1009eb291726cd8dfe36a3482e
|
| |
| |
| |
| | |
Change-Id: I66c785de7256ea64302a258af7c33cb717530343
|
| |
| |
| |
| |
| |
| |
| | |
Assets such as composed icons and ringtones need to be accessed
by apps. This patch adds the policy needed to facilitate this.
Change-Id: If47920b2cc5dbafe8d71a621782bb4a3351bd68c
|
| |
| |
| |
| |
| |
| | |
* needed for io scheduler in performance settings
Change-Id: I818340ed62e3e1dd2674b93340b31723c7a985f4
|
| |
| |
| |
| | |
Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
|
| |
| |
| |
| | |
Change-Id: Idea17856b4aef9258688a3ad58d0e5cac6d805a6
|
| |
| |
| |
| |
| |
| |
| | |
Our partial wipes (preserving media) require that recovery can
rmdir dirs and getattr files
Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a
|
| |
| |
| |
| |
| |
| |
| | |
CM12 doesn't have a KSM setting in performance settings anymore.
KSM should be configured and enabled on device basis.
Change-Id: I98a0cbe1b01a659eb28bcd459be55d78a88bda86
|
| |
| |
| |
| | |
Change-Id: Ic34c9ae32658541064a63153612145c6fd3d55b3
|
| |
| |
| |
| |
| |
| |
| |
| | |
- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme
Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
|
| |
| |
| |
| | |
Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
|
| |
| |
| |
| |
| |
| |
| | |
the filemanager doesn't need to be in platform_app. Put it in untrusted_app,
especially since it's a possible su client
Change-Id: I164853f2c8721d86b5b90677cb33032a3b491ff5
|
| |
| |
| |
| | |
Change-Id: I67756bad2c6e1361ecc0052003f2b4e5e4dbb007
|
| |
| |
| |
| | |
Change-Id: Idfb690be5d35c03610165b914c0a3f2260e68956
|
| |
| |
| |
| |
| | |
Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17
Signed-off-by: Roman Birg <roman@cyngn.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process,
unless the new domain is bounded by the app's context. So we can't
switch to a domain that has perms not available to untrusted_app :(
This means any app can talk to the daemon, bypassing the su executable
client. That's not a good thing, and needs to be resolved.
Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
|
| |
| |
| |
| |
| |
| | |
This reverts commit 04fd9192b05ae2655560a444711fe8859430f439.
Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
|
| |
| |
| |
| | |
Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
|
| |
| |
| |
| |
| |
| |
| | |
- Integrate policies from domain.te (fixes ES File Manager which uses unix socket)
- Allow platform_app to use su (fixes CM File Manager)
Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
|
| |
| |
| |
| |
| |
| |
| | |
This makes the rule more specific by overriding the upstream sepolicy.
Also adds the adbd context which is necessary for "adb tcpip".
Change-Id: Ia17eb56fc1682ab248764329e88eebd2a4075c97
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Required due to CAF's abc9c0f4fe574ee9847f118e5d2ae8c530bac650 in
system/netd
Fixes showing how many devices are connected to the tethered hotspot
Change-Id: I1d83f7ac0b28efa6973e0baf429de2a398c471e3
|
| |
| |
| |
| |
| |
| |
| | |
* Fixes
vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token '''
Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
|
| |
| |
| |
| |
| |
| | |
Required for network adb enable/disable to function
Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Allow setup of secure adb (setup_adbd)
* minivold in recovery
Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
|
| |
| |
| |
| |
| |
| |
| | |
Our healthd's support for power-on alarms adds some steps that imply
reading files its user doesn't own. Let it.
Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
|
| |
| |
| |
| |
| |
| |
| | |
These should be treated as regular dex cache files, but they're
expanded outside of the normal cache dir
Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
|
| |
| |
| |
| | |
Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
|
| |
| |
| |
| | |
Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
|
| |
| |
| |
| | |
Change-Id: Id9fc2d68b954e1cd6792739309a0df40e2dc998c
|
| |
| |
| |
| | |
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
|
| | |
|
| |
| |
| |
| | |
Change-Id: I89220fae961f483dad8b92faaee9ed8fe6c8a7cf
|
| |
| |
| |
| |
| |
| | |
* Enable use of radish via netd for ipv6 tethering
Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
|
| |
| |
| |
| |
| |
| | |
* Every device which uses Prima or WCD will hit this, so just allow it.
Change-Id: Ie2303ad7fc3498276d41e567a738cd016f635453
|
| |
| |
| |
| |
| |
| |
| | |
* We need to allow relabeling since these files can pop in and out if
the governor is changed.
Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
|
| |
| |
| |
| |
| |
| | |
exfat and NTFS-3g requires access to /dev/fuse
Change-Id: I35b13ada586c8de3fbe04156c2d10bf5e3c07b3a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When vold mounts an ext4 sdcard, it needs to force the context to
sdcard_external.
avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem
avc: denied { relabelto } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
|
| |
| |
| |
| |
| |
| |
| | |
This is required for ASEC support. Vold can already create and
access directories, but do not yet have the permission for files.
Change-Id: I5082bbff692e5dc53c7000e4b3a293e42d33f901
|
| |
| |
| |
| |
| |
| |
| | |
installd need to query ASEC size on sdcard_external
to show on the Settings -> Apps page correctly.
Change-Id: I2d9a49b8f0652f05d73d0ff464a3835595e2cc3c
|
| |
| |
| |
| |
| |
| | |
Allow fuse-mounted NTFS/exFAT file systems to be written to
Change-Id: I1492914dd269a305e27aba58e61064d853adf2bc
|
| |
| |
| |
| | |
Change-Id: I92392f3d810dfaf8dfc35f5c9170178a651d28dc
|
| |
| |
| |
| | |
Change-Id: I458d464598777fa06751dad0aa9cfd4d903a4de1
|
| |
| |
| |
| | |
Change-Id: I6bda9e4876b9053ea16fe3c11c21b9c1e7acb17a
|