Cm 13.0 #2

Closed
wants to merge 95 commits into from
tarunkapadia93

Selinux patches needed for CM-13.0 to boot :p

fefifofum and others added 30 commits November 8, 2015 02:46
Break the initialization dependency on module-load and tie it to
opening up the actual v4l device.

Change-Id: I12d5226e7e9b15d14cf62e2dc666612f4cb608f1
* Add QCOM_TDLS config entry and derp fix

Signed-off-by: LuffyXDA <beastdragon01@gmail.com>
This patch fixes wrong memcpy size when copying ltk value to
HCI_OP_LE_LTK_REPLY command.

Change-Id: I8de20d772e5d2bd7b5a3c60d020c6a0e4be742ee
Export audio_effects.h for userland to use

Change-Id: Ib4b040a87bcf89542d8c9dfb363fcd5f9a1bfc76
Change-Id: Ib85d17d76ce39e8e405aa9cf1dd0dc225c183f05
The composition fallback mechanism might not ensure unsetting of
the pipe whose prepare call failed due to smp configuration change,
typically in the cases where change in composition requests same
pipe. This scenario is a deadlock where composition switch does
not happen, due to these pipe failures.

To handle such cases, for changed SMP request for a pipe doing
non backend composition, allow smp configuration to happen, so
that the composition could be successfully switched, thereby
preventing the deadlock.

Change-Id: I2d29ac6591671494abc7c4caf7c6c53f058d12f6
Signed-off-by: Justin Philip <jphili@codeaurora.org>
MDP_SMP_FORCE_ALLOC flag is used to allow SMP
allocations even when there is mismatch between
allocated and requested SMPs for a pipe.
User space can make use of this flag in extreme scenarios
where SMP allocations need to pass like GPU composition
and playback of protected or secure videos.

Change-Id: I369b4361e7e2bbfc8150add467678c4ef8d5cfb6
Signed-off-by: Justin Philip <jphili@codeaurora.org>
Send the resolution along with output buffer to the client
to avoid a race condition where resolution might be changed
multiple times in driver before client requests for updated
resolution.

Change-Id: I8ebb99e3baa04da09f153195a674babcebcfea78
Signed-off-by: Maheshwar Ajja <majja@codeaurora.org>
Firmware requires the max number of hier-p layers
to be used during the encode session to be set
in load resources state. Without this change,
firmware will not enable hier-p encoding. Also
switch to using HFI_PROPERTY_CONFIG_VENC_HIER_P_ENH_LAYER
to set the number of hier-p layers.

Change-Id: I1fbf835acdb7d0a06d33cf9c2d038fb87c10010d
Signed-off-by: Arun Menon <avmenon@codeaurora.org>
Adds support to set initial qp, thereby allowing the client to set
initial qp for I,P, and B frames.

Change-Id: Ie956651bde85e800d97a0007769af9aec8ca16a4
Signed-off-by: Ashray Kulkarni <ashrayk@codeaurora.org>
When hardware is overloaded or when max number of clients are
reached in driver or firmware, hardware error is sent to video
client. This change is to replace hardware error with actual
errors.

CRs-fixed: 575852
Change-Id: I07e599f894a3716a3dc4fed5eb7c987311f5bdde
Signed-off-by: Deepak Verma <dverma@codeaurora.org>
Add support and control for setting Active format
description and closed caption meta data in the
extradata. FW parses metadata and adds it to the
extradata. Client can use control to parse extradata
for the metadata information.

Change-Id: I79fb71e635927c95e0792862c9dea7d96f58e895
Signed-off-by: Jayasena Sangaraboina <jsanga@codeaurora.org>
0x8080 is gray color concealment, changing it to
black color, which is 0x8010.

Change-Id: I50897d771913ee33a5b2c2ea486996dfc0c294bf
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>
Right now, input buffer size is calculated based on
maximum supported height and width returned from FW.
These values are not true representation as they are
calculated for rotation usecase. Driver needs to use
max MB supported from FW. This change fixes the same.

CRs-Fixed: 599818
Change-Id: I5b5f7d0db1088a4bc16ec7a32b31e1f763d5da7c
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>
Take the minimum of the size calculated by driver using
max width and height supported and the size set by client
for input buffers. Change interface to get input and
output buffer sizes.

Change-Id: Ia3eb4cc7ae7bb38e2650fff1b694623e2aab62ef
Signed-off-by: Manikanta Sivapala <msivap@codeaurora.org>
Add 8KB worth of padding for extradata. This is required to accommodate
some of the larger extradata types that didn't fit into the residual
space between the actual buffer size and its aligned size.

CRs-Fixed: 647378
Change-Id: I550f806079dfbdece229f68ffdfc5c0e20b3c9e1
Signed-off-by: Deva Ramasubramanian <dramasub@codeaurora.org>
Previously, the extradata size was included within VENUS_BUFFER_SIZE
and callers (primarily in userspace) wouldn't know how much extra
padding was added to the buffer size. Exposing it allows userspace to
query directly instead of doing guesswork.

Change-Id: I7f9701a4adfe364d757028514bdd4fa84402a995
Signed-off-by: Deva Ramasubramanian <dramasub@codeaurora.org>
* Userspace uses this value too, so both kernel and userspace need to be
  in agreement here.

Change-Id: Ic216adf95bf4207c93089d611c5122edaeb25a04
This reverts commit 5d21435.

* To fix video recording
 * MDP 4.2 supports Polynomial Color Correction. Use this to implement
   a simple sysfs API for adjusting RGB scaling values. This can be
   used to implement color temperature and other controls.
 * Why use this when we have KCAL? This code is dead simple, the
   interface is in the right place, and it allows for 128X accuracy.

Change-Id: Ie17c84ee3c1092ea65804566bdf05326a34a6d4d
Change the flag to vendor command from NL80211_FLAG_NEED_WIPHY to
NL80211_FLAG_NEED_NETDEV

Change-Id: Ia7a99a326b87f4d6caa4b1b8a60943c03a757cb0
Signed-off-by: Jing Ji <a5705c@motorola.com>
Reviewed-on: http://gerrit.mot.com/647903
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Igor Kovalenko <igork@motorola.com>
SLTApproved: Christopher Fries <cfries@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
Many "rmnet_usb 1-1:1.6: [rmnet_usb0] error: rmnet_ioct
called for unsupported cmd" messages are output when doing
Embedded Rmnet communication. It is caused by receiving
unsupported commands in rmnet_ioctl function. This is not
an error condition, so downgrade to debug log level to quiet
messages appearing on console. Moreover, change %d to %x
in this dev_dbg function call. %x will make it easier to
identify ioctl code since they are usually defined in hex
format in the header files.

Change-Id: I776e9ced0a8a042331d73ab0cfebacc33f61dfc6
CRs-fixed: 622875
Signed-off-by: Guang Jian Zeng <gzeng@codeaurora.org>
Setting net.ipv6.conf.<interface>.accept_ra=2 causes the kernel
to accept RAs even when forwarding is enabled. However, enabling
forwarding purges all default routes on the system, breaking
connectivity until the next RA is received. Fix this by not
purging default routes on interfaces that have accept_ra=2.

Change-Id: Icda010467c030b11f2cc91fac8d1331b6e9fc370
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CRs-Fixed: 646636
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
After IP route cache removal, I believe rcu_bh() has very little use and
we should remove this RCU variant, since it adds some cycles in fast
path.

Anyway, the call_rcu_bh() use in fib_true is obviously wrong, since
some users only assert rcu_read_lock().

Change-Id: Ie22d933518d579f4d018a4efec9d3a39c7b64681
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 0c03eca
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Mauro Andreolini and others added 29 commits November 8, 2015 04:17
A set of processes may happen  to  perform interleaved reads, i.e., requests
whose union would give rise to a  sequential read  pattern.  There are two
typical  cases: in the first  case,   processes  read  fixed-size chunks of
data at a fixed distance from each other, while in the second case processes
may read variable-size chunks at  variable distances. The latter case occurs
for  example with  QEMU, which  splits the  I/O generated  by the  guest into
multiple chunks,  and lets these chunks  be served by a  pool of cooperating
processes,  iteratively  assigning  the  next  chunk of  I/O  to  the first
available  process. CFQ  uses actual  queue merging  for the  first type of
processes, whereas it  uses preemption to get a sequential  read pattern out
of the read requests  performed by the second type of  processes. In the end
it uses  two different  mechanisms to  achieve the  same goal: boosting the
throughput with interleaved I/O.

This patch introduces  Early Queue Merge (EQM), a unified mechanism to get a
sequential  read pattern  with both  types of  processes. The  main idea is
checking newly arrived requests against the next request of the active queue
both in case of actual request insert and in case of request merge. By doing
so, both the types of processes can be handled by just merging their queues.
EQM is  then simpler and  more compact than the  pair of mechanisms used in
CFQ.

Finally, EQM  also preserves the  typical low-latency properties of BFQ, by
properly restoring the weight-raising state of  a queue when it gets back to
a non-merged state.

Change-Id: If95ed48806330667f26959006a20ad13abfd44be
Signed-off-by: Mauro Andreolini <mauro.andreolini@unimore.it>
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com>
Signed-off-by: Paolo Valente <paolo.valente@unimore.it>
* Enable KSM
* Enable F2FS
* Enable FIOPS and BFQ I/O schedulers
* Enable interactive and conservative cpu governors
* Disable CGROUP_MEM_RES_CTLR as it causes bootloops
bc is the standard tool for multi-precision arithmetic.  We switched
to Perl because akpm reported a hard-to-reproduce build hang, which
was very odd because affected and unaffected machines were all running
the same version of GNU bc.

Unfortunately switching to Perl required a really ugly "canning"
mechanism to support Perl < 5.8 installations lacking the Math::BigInt
module.

It was recently pointed out to me that some very old versions of GNU
make had problems with pipes in subshells, which was indeed the
construct used in the Makefile rules in that version of the patch;
Perl didn't need it so switching to Perl fixed the problem for
unrelated reasons.  With the problem (hopefully) root-caused, we can
switch back to bc and do the arbitrary-precision arithmetic naturally.

Change-Id: I048a7fb947f2fbd7b454e85b122c0e3601c02136
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Add a new Kconfig to enable more conservative computations sent
to mpdecision:

 * Do not make IO busy
 * Do a time window weighted load computation instead of just a sum
 * Do a sliding window averaged time computation for number runnable

The purpose of these changes is to make mpdecision less likely to
keep extra cores online.  It currently has a tendency to run more
cores running than needed and this can even cause some lag issues.

Change-Id: Ibbe9dca04c8b3425e288afef9ef6166fbc4a0613
Change-Id: I8ef699df0133d97c067ba225e633776f5006d32c
commit 2b7834d upstream (net-next).

This new command is missing.

Change-Id: If511000c19aa9af7220ff775d88ace9834b35dcb
Fixes: 880a6fa ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit 5e6deeb upstream (net-next).

This command is missing.

Change-Id: Id0a0d9bf7a4af98a8f761fec902d1296138a911f
Fixes: ecfd6b1 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit 5b5800f upstream (net-next).

These commands are missing.

Change-Id: I3fd1d3d700592c653e1a5c5199125805d55aaa95
Fixes: 28d8909 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit b0b59b0 upstream (net-next).

This command is missing.

Change-Id: I8fa3b1b9815296d3b001244d2212f79f5654bd01
Fixes: 97a64b4 ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit 8d465bb upstream (net-next).

This command is missing.

Change-Id: Id2c9344ca1ab2c96e0b758ad1efb38e16cf23b86
Fixes: 5c79de6 ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit bd2cba0 upstream (net-next).

This command is missing.

Change-Id: Ida52130382e42355e5f3b39134aa61a1ea98026d
Fixes: 3a2dfbe ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
commit 6a96e15 upstream.

The SELinux AF_NETLINK/NETLINK_SOCK_DIAG socket class was missing the
SOCK_DIAG_BY_FAMILY definition which caused SELINUX_ERR messages when
the ss tool was run.

 # ss
 Netid  State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
 u_str  ESTAB  0      0                  * 14189             * 14190
 u_str  ESTAB  0      0                  * 14145             * 14144
 u_str  ESTAB  0      0                  * 14151             * 14150
 {...}
 # ausearch -m SELINUX_ERR
 ----
 time->Thu Jan 23 11:11:16 2014
 type=SYSCALL msg=audit(1390493476.445:374):
  arch=c000003e syscall=44 success=yes exit=40
  a0=3 a1=7fff03aa11f0 a2=28 a3=0 items=0 ppid=1852 pid=1895
  auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
  tty=pts0 ses=1 comm="ss" exe="/usr/sbin/ss"
  subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
 type=SELINUX_ERR msg=audit(1390493476.445:374):
  SELinux:  unrecognized netlink message type=20 for sclass=32

Change-Id: I22218ec620bc3ee6396145f1c2ad8ed222648309
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
When new objects are created we have great and flexible rules to
determine the type of the new object.  We aren't quite as flexible or
mature when it comes to determining the user, role, and range.  This
patch adds a new ability to specify the place a new object's user, role,
and range should come from.  For users and roles it can come from either
the source or the target of the operation.  aka for files the user can
either come from the source (the running process and today's default) or
it can come from the target (aka the parent directory of the new file)

examples always are done with
directory context: system_u:object_r:mnt_t:s0-s0:c0.c512
process context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[no rule]
	unconfined_u:object_r:mnt_t:s0   test_none
[default user source]
	unconfined_u:object_r:mnt_t:s0   test_user_source
[default user target]
	system_u:object_r:mnt_t:s0       test_user_target
[default role source]
	unconfined_u:unconfined_r:mnt_t:s0 test_role_source
[default role target]
	unconfined_u:object_r:mnt_t:s0   test_role_target
[default range source low]
	unconfined_u:object_r:mnt_t:s0 test_range_source_low
[default range source high]
	unconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high
[default range source low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high
[default range target low]
	unconfined_u:object_r:mnt_t:s0 test_range_target_low
[default range target high]
	unconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high
[default range target low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high

upstream commit aa89326

Change-Id: Ic8f33d05793bf742c70c68ea79e33c7f40ffbd53
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
Because Fedora shipped userspace based on my development tree we now
have policy version 27 in the wild defining only default user, role, and
range.  Thus to add default_type we need a policy.28.

Upstream commit eed7795

Signed-off-by: Eric Paris <eparis@redhat.com>
Change-Id: Icb3324af7f740249977a4559c2c5692c7fcc22a2
Signed-off-by: tarun93 <tarunmyid@gmail.com>
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.

Upstream commit a660bec

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Change-Id: If419c7bfdea2f7006c9a62ea595f0cbfe5c78871
Signed-off-by: tarun93 <tarunmyid@gmail.com>
Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Bug: 18087110
Change-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
 note that this patch depends on a prior patch that is already in
 android-3.4 but has not apparently found its way into the msm 3.4
 branches (but is included in exynos and tegra),
 https://android-review.googlesource.com/#/c/92962/

Extend the generic ioctl permission check with support for per-command
filtering. Source/target/class sets including the ioctl permission may
additionally include a set of commands. Example:

allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
auditallow <source> <target>:<class> 0x892A

When ioctl commands are omitted only the permissions are checked. This
feature is intended to provide finer granularity for the ioctl
permission which may be too imprecise in some circumstances. For
example, the same driver may use ioctls to provide important and
benign functionality such as driver version or socket type as well as
dangerous capabilities such as debugging features, read/write/execute
to physical memory or access to sensitive data. Per-command filtering
provides a mechanism to reduce the attack surface of the kernel, and
limit applications to the subset of commands required.

The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.

Bug: 18087110
Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
This code is not exercised by policy version 26, but will be upon
upgrade to policy version 30.

Bug: 18087110
Change-Id: I07c6f34607713294a6a12c43a64d9936f0602200
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
Security server omits the type field when writing out the contents of the
avtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact
on the running kernel or its loaded policy. Impacts CTS neverallow tests.

Bug: 20665861
Change-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)
Signed-off-by: tarun93 <tarunmyid@gmail.com>
If a wakeup source is found to be pending in the last stage of suspend
after syscore suspend then the device doesn't suspend but the error is
not propagated which causes an error in the accounting for the number
of suspend aborts and successful suspends.

Change-Id: Ib63b4ead755127eaf03e3b303aab3c782ad02ed1
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
This reverts commit c061682.

Bug: 22846070
Change-Id: I665c1f2350e10ce890e7c4be1a06e666929d5d7a
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
This reverts commit c9a8571.

Bug: 22846070
Change-Id: I85e2b6322f98bd584ed523b0bd0291375dbc35dc
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
This reverts commit bc84b4a.

Bug: 22846070
Change-Id: Ib4cb130b2225ea2e22556ff852313e0de7dddcab
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
This reverts commit 643ce43.

Bug: 22846070
Change-Id: I5dde1878e5baac43b4968141c0dc60b70e042183
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
(cherry pick from commit 83d4a80)

Commit f01e1af ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
made this pointer reassignment unnecessary. Avd should continue to reference
the stack-based copy.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: Ie33688d163870705272607309a27fb7c8f870748

Signed-off-by: tarun93 <tarunmyid@gmail.com>
(cherry pick from commit 671a278)

Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I4a7678294e0a3075f57bd77c76fd17e6f0d33e75

Signed-off-by: tarun93 <tarunmyid@gmail.com>
(cherry picked from commit fa1aa14)

Add extended permissions logic to selinux. Extended permissions
provides additional permissions in 256 bit increments. Extend the
generic ioctl permission check to use the extended permissions for
per-command filtering. Source/target/class sets including the ioctl
permission may additionally include a set of commands. Example:

allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds
auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds

Where unpriv_app_socket_cmds and priv_gpu_cmds are macros
representing commonly granted sets of ioctl commands.

When ioctl commands are omitted only the permissions are checked.
This feature is intended to provide finer granularity for the ioctl
permission that may be too imprecise. For example, the same driver
may use ioctls to provide important and benign functionality such as
driver version or socket type as well as dangerous capabilities such
as debugging features, read/write/execute to physical memory or
access to sensitive data. Per-command filtering provides a mechanism
to reduce the attack surface of the kernel, and limit applications
to the subset of commands required.

The format of the policy binary has been modified to include ioctl
commands, and the policy version number has been incremented to
POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format
change.

The extended permissions logic is deliberately generic to allow
components to be reused e.g. netlink filters

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I299dc776d2f98d593ecc051707110c92a085350f
Signed-off-by: tarun93 <tarunmyid@gmail.com>
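
The per-command ioctl check described in the commit message above, and in the earlier `allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }` example, shown as an added sketch that is not part of this pull request or of the kernel's SELinux code. It is a user-space C model; the type and function names, the constructed probe values, and the split of a command into a high "driver" byte and a low "function" byte indexing one 256-bit block are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 256-bit set: one bit per value of an 8-bit index. */
struct bits256 { uint32_t w[8]; };
static void bits_set(struct bits256 *b, uint8_t i) { b->w[i >> 5] |= 1u << (i & 31); }
static bool bits_test(const struct bits256 *b, uint8_t i) { return (b->w[i >> 5] >> (i & 31)) & 1u; }

/* A set of 16-bit ioctl commands, stored as one 256-bit block per high byte. */
struct cmd_set {
    bool used;                  /* false: the rule listed no commands */
    struct bits256 drivers;     /* high bytes that have at least one command */
    struct bits256 funcs[256];  /* per high byte: which low bytes are listed */
};

/* Add the inclusive range lo..hi; a range may span several high bytes. */
void cmd_set_add_range(struct cmd_set *s, uint16_t lo, uint16_t hi)
{
    for (uint32_t c = lo; c <= hi; c++) {
        uint8_t drv = (uint8_t)(c >> 8), fn = (uint8_t)(c & 0xff);
        bits_set(&s->drivers, drv);
        bits_set(&s->funcs[drv], fn);
    }
    s->used = true;
}

bool cmd_set_has(const struct cmd_set *s, uint16_t cmd)
{
    uint8_t drv = (uint8_t)(cmd >> 8);  /* cheap reject on the driver byte first */
    return bits_test(&s->drivers, drv) && bits_test(&s->funcs[drv], (uint8_t)(cmd & 0xff));
}

/* Rules for one source/target/class triple (hypothetical model). */
struct ioctl_rules {
    bool ioctl_perm;            /* the generic ioctl permission */
    struct cmd_set allow;       /* commands listed on the allow rule */
    struct cmd_set auditallow;  /* commands listed on the auditallow rule */
};

enum verdict { DENY_NO_PERM, DENY_CMD, ALLOW_UNFILTERED, ALLOW_CMD, ALLOW_CMD_AUDIT };

enum verdict ioctl_check(const struct ioctl_rules *r, uint32_t cmd)
{
    uint16_t c = (uint16_t)cmd;  /* model assumption: only the low 16 bits are filtered */
    if (!r->ioctl_perm) return DENY_NO_PERM;
    if (!r->allow.used) return ALLOW_UNFILTERED;  /* commands omitted: permission alone decides */
    if (!cmd_set_has(&r->allow, c)) return DENY_CMD;
    return cmd_set_has(&r->auditallow, c) ? ALLOW_CMD_AUDIT : ALLOW_CMD;
}

/* The two rules quoted in the earlier commit message, for a constructed triple. */
const struct ioctl_rules *sample_rules(void)
{
    static struct ioctl_rules r;  /* static: about 16 KiB, zero-initialised */
    if (!r.ioctl_perm) {
        r.ioctl_perm = true;
        cmd_set_add_range(&r.allow, 0x8910, 0x8926);
        cmd_set_add_range(&r.allow, 0x892A, 0x8935);
        cmd_set_add_range(&r.auditallow, 0x892A, 0x892A);
    }
    return &r;
}

int main(void)
{
    static const char *names[] = { "deny: no ioctl permission", "deny: command not listed",
                                   "allow: no command filter", "allow", "allow + audit" };
    const uint32_t probes[] = { 0x8910, 0x8927, 0x892A, 0x8936, 0x5401 };  /* constructed */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%04X -> %s\n", (unsigned)probes[i], names[ioctl_check(sample_rules(), probes[i])]);
    return 0;
}
```
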
NOT intended for new Android devices - this commit is unnecessary
for a target device that does not have a previous M variant.

DO NOT upstream. Android only.

Motivation:

This commit mitigates a mismatch between selinux kernel and
selinux userspace. The selinux ioctl white-listing binary policy
format that was accepted into Android M differs slightly from what
was later accepted into the upstream kernel. This leaves Android
master branch kernels incompatible with Android M releases. This
patch restores backwards compatibility. This is important because:

1. kernels may be updated on a different cycle than the rest of the
   OS e.g. security patching.
2. Android M bringup may still be ongoing for some devices. The
   same kernel should work for both M and master.

Backwards compatibility is achieved by checking for an Android M
policy characteristic during initial policy read and converting to
upstream policy format. The inverse conversion is done for policy
write as required for CTS testing.

Bug: 22846070
Change-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: tarun93 <tarunmyid@gmail.com>
@fefifofum fefifofum closed this Nov 14, 2015