Since commit: 24a3cbfa73
ueventd is attempting to relabel devices on calls to
make_device() when the device already exists. However, it
should only be called if the contexts for relabelfrom and
relabelto are different.
When this condition occurs, one will see denials like this:
[ 14.409448] type=1400 audit(978307239.225:26): avc: denied { relabelfrom } for pid=1572 comm="ueventd" name="ttyS0" dev="tmpfs" ino=9613 scontext=u:r:ueventd:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1
[ 14.428107] type=1400 audit(978307239.225:27): avc: denied { relabelto } for pid=1572 comm="ueventd" name="ttyS0" dev="tmpfs" ino=9613 scontext=u:r:ueventd:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1
Bug: 29106809
Change-Id: I2105b169206f0b26420f3c4b0ba5c49aeb98da92
Signed-off-by: William Roberts <william.c.roberts@intel.com>
clang doesn't do the frontend inlining/dead code elimination needed for
the fortified implementation to work. Therefore, turn it off.
Bug: http://b/28381737
Change-Id: Ie8dd970e3908b1daaa587ad2bd041e8f6e2089db
Changes expected output from a line cut from the less than portable
ps output to reporting the pid of logcatd (uid=logd comm=logcat).
Preserve reporting an error code if logcatd did not start.
Bug: 29075536
Change-Id: I61aa0a4787d4594c415d2c7db5bbb0e512676bf8
am: 6a29fe931d
* commit '6a29fe931d9fd3bf7f2aad3713dc70c080970763':
Add utility to prepare files in a similar way to directories
Change-Id: I288024d55e8cead1c902950938b03bfa8dcc3df3
(Cherry picked from commit 2b22a66382)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
LOCAL_LDLIBS should only be used with -l flags for NDK and some host
libraries. Other uses should use LOCAL_SHARED_LIBRARIES.
LOCAL_LDFLAGS should not contain -l entries, they should be in
LOCAL_LDLIBS instead.
LOCAL_CFLAGS should not contain -I entries, those should use
LOCAL_C_INCLUDES instead.
Change-Id: Ic901aa14651572ac682166becd4f0cd86baecc34
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
am: 088f0e7c40
* commit '088f0e7c40a1cc66505f2bd73c54f3bab9908986':
Add /vendor/xbin to the list of directories of executables
Change-Id: Ib1172d5a5f0f0f1a82ce5ca260ef4539761ef679
Mark Salyzyn