48b12ed5a29343f13252c57e23b2feb2e0238681 |
|
20-Nov-2014 |
Iliyan Malchev <malchev@google.com> |
flo: increase vmalloc size by 100MB (240MB-->340MB) b/18402205 External reports: Video playback failing on Flo after upgrade to Lollipop Change-Id: I8569a59f357a0bd689ed5a86da27fcf524a28143 Signed-off-by: Iliyan Malchev <malchev@google.com>
/device/asus/flo/BoardConfigCommon.mk
|
b450b48b1a55913960b93c07e960b885218ad4f7 |
|
11-Aug-2014 |
Alex Light <allight@google.com> |
Enable WITH_DEXPREOPT on devices where it is possible Change-Id: I0ea9768f801865f95f2774b8377cc8f3d75e30bf (cherry picked from commit 35251f090b30d32c79febcc9c4296534cc3b5f5b)
/device/asus/flo/BoardConfigCommon.mk
|
8a000094f63244863d7d4f16c9a22d2123f4ccc6 |
|
11-Aug-2014 |
Alex Light <allight@google.com> |
Enable WITH_DEXPREOPT_BOOT_IMG_ONLY to support partial preopting Bug: 16938924 Change-Id: Iadf3235cbd93375b8c3b89faa07d7d6c42cd6fb0 (cherry picked from commit c8030c7f4c3f550710450599d3915fb09284575a)
/device/asus/flo/BoardConfigCommon.mk
|
65650fd6fb6371f20a470e630b2cd11c4d5d28da |
|
17-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Update selinux rules for rmt_storage Google's internal master has been updated to not use /dev/mem. Update the SELinux rules to allow for this. Keep rmt in permissive for AOSP. The updated userspace / kernel aren't in AOSP, and we don't want to break those users. We'll flip this to enforcing in Google's internal tree. (cherry picked from commit 023162b9e8f6ccfa40fbe1e0e2c5548721099562) Change-Id: Ie9de15361c4f283baa912bcd15e3e3c93c897c6a
/device/asus/flo/BoardConfigCommon.mk
|
dba9973dd7c03c2a18770c78945461ea91311d63 |
|
16-Jun-2014 |
Victoria Lease <violets@google.com> |
enable EXTENDED_FONT_FOOTPRINT for flo/deb please enjoy your new selection of CJK fonts! Bug: 15569561 Change-Id: Ia9cacbe788e0ebcd4f34e44fc6edad4f621f47f7
/device/asus/flo/BoardConfigCommon.mk
|
f3cf895319941d13b488b4f37de30c9c83b2adb0 |
|
30-May-2014 |
Nick Kralevich <nnk@google.com> |
am 01902a06: am 45248675: am 7d491eeb: Merge "Drop ppd selinux policy." * commit '01902a06526bdc737b5c36e917fa5cab70b36763': Drop ppd selinux policy.
|
45248675fce36c418344cffe10ca9dbb3a6737ea |
|
30-May-2014 |
Nick Kralevich <nnk@google.com> |
am 7d491eeb: Merge "Drop ppd selinux policy." * commit '7d491eebc25f051dfe3d4a52d16a21248534cdc5': Drop ppd selinux policy.
|
159a3411c21a7b5f6691e6dd28fad291b120e5a9 |
|
30-May-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Drop ppd selinux policy. The ppd service which runs the mm-pp-daemon binary appears to no longer be used. The last occurrence of the binary for either flo or deb is with the jss15r and jls36i builds respectively. In fact, current builds report that the ppd service is explicitly being disabled. <3>[ 5.023345] init: cannot find '/system/bin/mm-pp-daemon', disabling 'ppd' Thus, just drop the selinux policy for it. While we're at it, drop the ppd service entries from the init.flo.rc file too. Change-Id: I5902b6876d5bea33bb65dcaa505fc4ee13a61677 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/device/asus/flo/BoardConfigCommon.mk
|
de81fe0b2674f8be5a8274db2c004c15abaddcf1 |
|
01-Apr-2014 |
Doug Zongker <dougz@android.com> |
remove custom recovery UI for flo All its functionality is now in the default UI. Change-Id: I013f864bae10e3e1e8bee65241d05a8e5529f680
/device/asus/flo/BoardConfigCommon.mk
|
d9093241a3c6433fa8866c8c71e865fd7590c19e |
|
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 6991ec7a: Merge "SELinux: Allow hostapd to read wifi data files under /persist." * commit '6991ec7a25209ef4bd5b3522b3afabbe8eab832f': SELinux: Allow hostapd to read wifi data files under /persist.
|
66cfafa54fc4e4e50901f24be4593b39b69e66be |
|
06-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
SELinux: Allow hostapd to read wifi data files under /persist. Addresses the following denials: avc: denied { search } for pid=9143 comm="hostapd" name="wifi" dev="mmcblk0p16" ino=12 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=dir avc: denied { getattr } for pid=9143 comm="hostapd" path="/persist/wifi/.macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file avc: denied { read } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file avc: denied { open } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file Change-Id: I0e86c92d91601c341c1798f869b935b359c2577a Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/device/asus/flo/BoardConfigCommon.mk
|
dcaccbaccef2814b44abd57fe0670413d82f76ff |
|
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d802a62f: Merge "Move SELinux diag_device policy to userdebug/eng." * commit 'd802a62fd6dd27e14742d98f4fb06f52fefa8f5d': Move SELinux diag_device policy to userdebug/eng.
|
ba571057faf0714eeaf646d0033c8c393b94c197 |
|
21-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Move SELinux diag_device policy to userdebug/eng. Also just remove all specific domain access and instead allow diag_device access for all domains on the userdebug/user builds. Change-Id: I2dc79eb47e05290902af2dfd61a361336ebc8bca Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/device/asus/flo/BoardConfigCommon.mk
|
ca4a7b9a8bcabfeed55e54fa263396668c1c23f4 |
|
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 699b9b67: Merge "Address SELinux denials with rild." * commit '699b9b6704abf8ecd9b4efeb631fee06173f417e': Address SELinux denials with rild.
|
62d77eeceb8f826b6e673170fc514091bb109a50 |
|
21-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Address SELinux denials with rild. Allow r/w access to /dev/diag on userdebug/eng builds. avc: denied { read write } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file avc: denied { open } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file Grant radio sockets access to rild. avc: denied { write } for pid=323 comm="rild" name="qmux_radio" dev="tmpfs" ino=1053 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir avc: denied { write } for pid=323 comm="rild" name="qmux_connect_socket" dev="tmpfs" ino=1309 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file avc: denied { connectto } for pid=323 comm="rild" path="/dev/socket/qmux_radio/qmux_connect_socket" scontext=u:r:rild:s0 tcontext=u:r:qmux:s0 tclass=unix_stream_socket Change-Id: I89f7531fb006bfcae9f97b979fba61f3ed6badde Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/device/asus/flo/BoardConfigCommon.mk
|
0790950ccfd34ce9b2a74a12d6e15ff7d65c5353 |
|
31-Jan-2014 |
Stephen Hines <srhines@google.com> |
DO NOT MERGE: Disable GPU RS driver due to AOSP incompatibility. This change will necessitate a rebuilt GPU driver: https://android-review.googlesource.com/80951 Change-Id: I61f4098305422021f6f78dc7f3b99e2cc9b4c116
/device/asus/flo/BoardConfigCommon.mk
|
a37cbdbfffe86ab8b7b32607a06b4ee4b3b539ba |
|
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
initial irsc_util domain Initially unconfined and enforcing. Change-Id: I49be1c53afb1f91836d5e49dbce84c4a0c789478
/device/asus/flo/BoardConfigCommon.mk
|
c2fadc12a16bbf96b00fac8f14d69aab766519be |
|
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move gpu_device type and rules to core policy. Change-Id: I3ce0b4bd25e078698a1c50242aaed414bf5cb517 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/device/asus/flo/BoardConfigCommon.mk
|
df2aa61a2d209da854474ba18d7350e9380c0cd4 |
|
25-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
SELinux policy updates. * Make gpu_device a trusted object since all apps can write to the device. denied { write } for pid=3460 comm="ense_free.menus" name="kgsl-3d0" dev="tmpfs" ino=7606 scontext=u:r:untrusted_app:s0:c92,c256 tcontext=u:object_r:gpu_device:s0 tclass=chr_file * Drop dead type mpdecision_device. * Create policy for mm-pp-daemon and keep it permissive. Address the following initial denials. denied { write } for pid=220 comm="mm-pp-daemon" name="property_service" dev="tmpfs" ino=7289 scontext=u:r:ppd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file denied { connectto } for pid=220 comm="mm-pp-daemon" path="/dev/socket/property_service" scontext=u:r:ppd:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket denied { read write } for pid=220 comm="mm-pp-daemon" name="fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file denied { open } for pid=220 comm="mm-pp-daemon" name="fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file denied { ioctl } for pid=220 comm="mm-pp-daemon" path="/dev/graphics/fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file * Add kickstart_exec labels for kickstart binaries that are used by deb devices. * Add tee policy. Label /data/misc/playready and allow tee access. denied { write } for pid=259 comm="qseecomd" name="misc" dev="mmcblk0p30" ino=635233 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir denied { read } for pid=232 comm="qseecomd" name="/" dev="mmcblk0p30" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir denied { create } for pid=306 comm="qseecomd" name="playready" scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir denied { search } for pid=282 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir denied { read } for pid=282 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir denied { write } for pid=265 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir denied { create } for pid=252 comm="qseecomd" name="tzdrm.log" scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=file denied { read write open } for pid=271 comm="qseecomd" name="tzdrm.log" dev="mmcblk0p30" ino=635264 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=file * Give surfaceflinger access to /dev/socket/pps and allow access to certain sysfs nodes. denied { write } for pid=181 comm="surfaceflinger" name="pps" dev="tmpfs" ino=7958 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:ppd_socket:s0 tclass=sock_file denied { write } for pid=182 comm="surfaceflinger" name="hpd" dev="sysfs" ino=9639 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file Change-Id: Ia7a5c63365593af7ac5adc207b27fad113b01dd3
/device/asus/flo/BoardConfigCommon.mk
|
e43c3f5a4a6e193cf92ad0d05c78456b581dc917 |
|
23-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 3dd91d02: Merge "Add to selinux policy." * commit '3dd91d0298097d990ff37ddc6885fe63d819eae2': Add to selinux policy.
|
5c05d63597811693a9bd7506ab1708ab7907add2 |
|
22-Nov-2013 |
The Android Open Source Project <initial-contribution@android.com> |
Merge commit 'e741348065428222edfd3486180e1778ffb489d6' into HEAD
|
9d6624a0b503d2fe950dd0dccfe9ca90aae19eac |
|
15-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Add to selinux policy. Bring policy over from the mako board which has a lot of similar domains and services. mako is also a Qualcomm board which allows a lot of that policy to be directly brought over and applied. Included in this are some radio specific pieces. Though not directly applicable to flo, the deb board inherits this policy. Change-Id: I6b294c7dc830189c08f1f981a239234a2c3f577f
/device/asus/flo/BoardConfigCommon.mk
|
6e899c856889fcb7fe17aeba7c8122312e09bab5 |
|
13-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Create new security labels for device nodes. Labeling nodes with appropriate types doesn't introduce any new denials to the mix. This list largely addresses the Qualcomm specific nodes. Various nodes are labeled with radio specific types. Since the deb build inherits from this flo policy, it is a good idea to include them. Change-Id: Ia55a80af027c8bde933d45c41f4ed287f01adb2e
/device/asus/flo/BoardConfigCommon.mk
|
c1dd2c8312e20e0633db90a3c6d8df06ded6da8a |
|
13-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Label kgsl (graphics) nodes. Created a new label and addressed the following denials. * For system server denied { read write } for pid=800 comm="ndroid.systemui" name="kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file denied { open } for pid=800 comm="ndroid.systemui" name="kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file denied { ioctl } for pid=800 comm="ndroid.systemui" path="/dev/kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file * For surfaceflinger denied { ioctl } for pid=286 comm="SurfaceFlinger" path="/dev/kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file denied { read write } for pid=286 comm="SurfaceFlinger" path="/dev/kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:device:s0 tclass=chr_file * For app domains denied { read write } for pid=800 comm="ndroid.systemui" name="kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file denied { open } for pid=800 comm="ndroid.systemui" name="kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file denied { ioctl } for pid=800 comm="ndroid.systemui" path="/dev/kgsl-3d0" dev="tmpfs" ino=8426 scontext=u:r:platform_app:s0 tcontext=u:object_r:device:s0 tclass=chr_file Change-Id: I417bbd12fbdc17cd3d1110dcf3bff73dd5e385a4
/device/asus/flo/BoardConfigCommon.mk
|
226d605c9d2c1e99469464842c36f6cd9fb4f789 |
|
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
fix broken wifi on flo/deb 00739e3d14f2f1ea9240037283c3edd836d2aa2f in external/sepolicy moved ueventd into enforcing. This broke wifi on flo/deb. Fix it. This addresses the following denials: <5>[ 219.755523] type=1400 audit(1384456650.969:107): avc: denied { search } for pid=2868 comm="ueventd" name="wifi" dev="mmcblk0p30" ino=637740 scontext=u:r:ueventd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=dir <5>[ 219.755706] type=1400 audit(1384456650.969:108): avc: denied { read } for pid=2868 comm="ueventd" name="WCNSS_qcom_cfg.ini" dev="mmcblk0p30" ino=637747 scontext=u:r:ueventd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=file <5>[ 219.755889] type=1400 audit(1384456650.969:109): avc: denied { open } for pid=2868 comm="ueventd" name="WCNSS_qcom_cfg.ini" dev="mmcblk0p30" ino=637747 scontext=u:r:ueventd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=file <5>[ 219.756134] type=1400 audit(1384456650.969:110): avc: denied { getattr } for pid=2868 comm="ueventd" path="/data/misc/wifi/WCNSS_qcom_cfg.ini" dev="mmcblk0p30" ino=637747 scontext=u:r:ueventd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=file Bug: 11688129 Change-Id: Ice0d3432010cfbbce88dd0ede013af3b2297d3d6
/device/asus/flo/BoardConfigCommon.mk
|
40b7b28ddfbf5a322d0d2b1172e58c41a1205248 |
|
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Move rmt into its own domain. Don't run rmt in init's domain. /system/bin/rmt_storage is a qualcomm specific daemon responsible for servicing modem filesystem requests. It doesn't make sense to run rmt_storage in init's domain, as doing so prevents us from fine tuning its policy. Keep the domain in permissive mode right now until we address the following denials: <5>[ 7.497467] type=1400 audit(1383939680.983:5): avc: denied { read write } for pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file <5>[ 7.497741] type=1400 audit(1383939680.983:6): avc: denied { open } for pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file We still need to get a better understanding of what rmt_storage does and what rules should be applied to it. Change-Id: I45d03fb93870f1b4bb64215f5dcd9a2a443f5566
/device/asus/flo/BoardConfigCommon.mk
|
203fd0df67d63308b65a3672700570e06f54739d |
|
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Label /dev/qseecom Otherwise keystore in enforcing is broken. Bug: 11518274 Change-Id: I10ead7cabe794d1752a8cba4dc3193217aad7805
/device/asus/flo/BoardConfigCommon.mk
|
cd49ca8e6af70f4597a75331fe696af7eb3c6122 |
|
08-Oct-2013 |
Jamie Gennis <jgennis@google.com> |
Set a present -> vsync offset Bug: 10624956 Change-Id: If0908918defb54ac7101586636ced55d4f411e17
/device/asus/flo/BoardConfigCommon.mk
|
54dca38d9621c0c21f01356a7fd2da5c15a0d7fc |
|
06-Sep-2013 |
Iliyan Malchev <malchev@google.com> |
flo: enable device-specific camera b/10429994 Change-Id: Ia03f3a7628448afb8b115a898a3373f95e1dcbd0 Signed-off-by: Iliyan Malchev <malchev@google.com>
/device/asus/flo/BoardConfigCommon.mk
|
ab3a4598f5eecf9045f9e6d3029159f6000cb325 |
|
11-Jul-2013 |
Iliyan Malchev <malchev@google.com> |
flo: enable OVERIDE_RS_DRIVER Change-Id: I584c414d27477937e59bbf64114d513cc1988c69 Signed-off-by: Iliyan Malchev <malchev@google.com>
/device/asus/flo/BoardConfigCommon.mk
|
6a51934a6c69a1e8a1cef6505c03f192403e6cb8 |
|
13-Jun-2013 |
Iliyan Malchev <malchev@google.com> |
resolved conflicts for merge of 17c394cc to master Change-Id: I19f5b66636fe1b22cf6eac01501b2c851e93b3b2
|
604128e9835f8a26c3168b058bafc7ef72787bd2 |
|
13-Jun-2013 |
Iliyan Malchev <malchev@google.com> |
Revert "Revert "flo: disable CABL"" This reverts commit 1f335d5117a265fea2b81d780ad87892a72fc766. Bug: 9414907 Change-Id: I9576f753e26b197b74d753bbe92c27bb6b170b5e Signed-off-by: Iliyan Malchev <malchev@google.com>
/device/asus/flo/BoardConfigCommon.mk
|
ac46a956011cf8b566d03625e9d525928b007194 |
|
31-May-2013 |
Ed Tam <etam@google.com> |
Build fix. USE_DEVICE_SPECIFIC_QCOM_PROPRIETARY flag got lost in a merge conflict. Change-Id: I85e5c9d124e62d7aade47f3ad45a39e2e77347fe
/device/asus/flo/BoardConfigCommon.mk
|
0870f9fb5f2d093f09890aa7f5ddadfa91c190e4 |
|
31-May-2013 |
Iliyan Malchev <malchev@google.com> |
flo: fix recovery code Bug: 9010664 Change-Id: I4d6f86c994299c8f9af56d244cdfbe27125c02f6 Signed-off-by: Iliyan Malchev <malchev@google.com>
/device/asus/flo/BoardConfigCommon.mk
|
5dde0d61561977e5ac93ec2496e6a941d9982482 |
|
23-May-2013 |
Ed Tam <etam@google.com> |
Break out flo and common makefiles for deb support. Bug: 9067974 Change-Id: Ia1530db751d26f0a930966d656d55978c140f33d
/device/asus/flo/BoardConfigCommon.mk
|