| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| | |
Change-Id: Ibcb714248c28abf21272986facaade376dcbd7ef
|
|/
|
|
|
|
|
| |
- Update selinux policy for CameraServiceProxy.
Bug: 21267484
Change-Id: Ib821582794ddd1e3574b5dc6c79f7cb197b57f10
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
deviceidle service should be accessible to all non third-party apps.
Cherry-pick of commit: 7c1dced7d5d836d84d38aa33d86b0f8361070a3c
Change-Id: Ia410fe0027f212009cc2abeaabc64c7c87841daa
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This enables access to gatekeeperd for anybody who invokes Android
framework APIs. This is necessary because the AndroidKeyStore
abstraction offered by the framework API occasionally communicates
with gatekeeperd from the calling process.
(cherry picked from commit effcac7d7eddded5fa31d294dfe3fd1757de51c7)
Bug: 20526234
Change-Id: I450242cd085259b3f82f36f359ee65ff27bebd13
|
|
|
|
|
|
|
|
|
|
| |
Settings needs to be able to access it when opening developer options.
Address the following denial:
avc: denied { find } for service=persistent_data_block scontext=u:r:system_app:s0 tcontext=u:object_r:persistent_data_block_service:s0 tclass=service_manager
Bug: 20131472
Change-Id: I85e2334a92d5b8e23d0a75312c9b4b5bf6aadb0b
|
|
|
|
|
|
|
|
| |
Backup service needs to be accessible to all apps to notify the system when
something changes which is being backed-up.
Bug: 18106000
Change-Id: I8f34cca64299960fa45afc8d09110123eb79338b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the remaining services from tmp_system_server_service to appropriate
attributes and remove tmp_system_server and associated logging:
registry
restrictions
rttmanager
scheduling_policy
search
sensorservice
serial
servicediscovery
statusbar
task
textservices
telecom_service
trust_service
uimode
updatelock
usagestats
usb
user
vibrator
voiceinteraction
wallpaper
webviewupdate
wifip2p
wifi
window
Bug: 18106000
Change-Id: Ia0a6d47099d82c53ba403af394537db6fbc71ca0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the following services from tmp_system_server_service to appropriate
attributes:
network_management
network_score
notification
package
permission
persistent
power
print
processinfo
procstats
Bug: 18106000
Change-Id: I9dfb41fa41cde72ef0059668410a2e9eb1af491c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the following services from tmp_system_server_service to appropriate
attributes:
jobscheduler
launcherapps
location
lock_settings
media_projection
media_router
media_session
mount
netpolicy
netstats
Bug: 18106000
Change-Id: Ia82d475ec41f658851f945173c968f4abf57e7e1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the following services from tmp_system_server_service to appropriate
attributes:
diskstats
display
dreams
dropbox
ethernet
fingerprint
graphicstats
hardware
hdmi_control
input_method
input_service
Bug: 18106000
Change-Id: Iadd8aab9e78d9d39fb00cf0b5a95fa1927d02095
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the following services from tmp_system_server_service to appropriate
attributes:
battery
bluetooth_manager
clipboard
commontime_management
connectivity
content
country_detector
device_policy
deviceidle
Bug: 18106000
Change-Id: I0d0f2a075c0509a783631d88ba453ac13399cdf2
|
|
|
|
|
|
|
|
|
|
| |
sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients
Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
|
|
|
|
|
|
|
|
| |
Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services
the appropriate service access levels and move into enforcing.
Bug: 18106000
Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
|
|
|
|
|
|
|
|
|
| |
Move accessibility, account, appops and activity services into enforcing with
app_api_service level of access, with additional grants to mediaserver and
isolated app.
Bug: 18106000
Change-Id: I1d5a79b9223026415f1690e8e9325ec4c270e3dd
|
|
|
|
|
|
|
|
|
|
|
| |
System services differ in designed access level. Add attributes reflecting this
distinction and label services appropriately. Begin moving access to the newly
labeled services by removing them from tmp_system_server_service into the newly
made system_server_service attribute. Reflect the move of system_server_service
from a type to an attribute by removing access to system_server_service where
appropriate.
Change-Id: I7fd06823328daaea6d6f96e4d6bd00332382230b
|
|
|
|
| |
Change-Id: I156b139b57f46c695ece35b7b26a3087d87b25df
|
|
|
|
| |
Change-Id: I283663caea0ee1597645856fb31f13b26e902315
|
|
|
|
|
|
| |
Bug: 19186859
Change-Id: Ic08858f346d6b66e7bfc9da6faa2c6e38d9b2e82
|
|
|
|
|
|
|
|
| |
Temporarily give every system_server_service its own
domain in preparation for splitting it and identifying
special services or classes of services.
Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef
|
|
|
|
|
|
|
|
| |
Map imms to system_app_service in service_contexts and add
the system_app_service type and allow system_app to add the
system_app_service.
Bug: 16005467
Change-Id: I06ca75e2602f083297ed44960767df2e78991140
|
|
|
|
|
|
|
| |
Add missing services related to battery, bluetooth, time,
and radio to service_contexts.
Change-Id: I8bf05feb173d49637048c779757013806837fede
|
|
Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.
Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
|