Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. A change to init is removing this special case and
therefore, the "ro." prefixes must be explicitly added to
property_contexts.
Bug 26425619
Change-Id: I735eb9fc208eeec284cda8d778db946eeec24192
With some core classes moved to separate core-oj jar
we need to use the new jar.
(cherry picked from commit 89b94c827f)
Change-Id: I025c0adc70535bf23def3ab0ce28a1bfaef72514
This commit fixes the avc denied issues in the emulators:
- goldfish_setup is granted for network access
- netd dontaudit for sys_module
- qemu_prop is granted domain for get_prop
Critical issue was that SELinux denied reading the lcd_density property
by SurfaceFlinger via qemu_prop and this commit fixes it.
Change-Id: I633d96f4d2ee6659f18482a53e21f816abde2a5f
Signed-off-by: Miroslav Tisma <miroslav.tisma@imgtec.com>
The extra inheritance layer may cause multiple
PRODUCT_DEVICE/PRODUCT_BRAND values for a product if it doesn't
explicitly override them, eg. gms.
The full_* are deprecated product names. We keep them just for backward
compatibility, for some tools may still use the full_* product names.
Bug: 25611987
Change-Id: I7ecebd422754c3ceb16507b8d9ced65d533fe7c3
These boot properties are used by android wear emulator to configure
round and chin shaped devices.
Bug: 23324757
Change-Id: I812da02d771bba0ffc63b14459c7de7cbdeed142
Addresses the following denial:
init: avc: denied { set } for property=opengles.version scontext=u:r:qemu_props:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 25148690
Change-Id: I4b197eeabfe37e794104e4e686e9e388b5bc3e0c
https://android-review.googlesource.com/175922 removed all uses
of system_server execmem and neverallowed it. The x86 emulator policy
inappropriately includes this rule. Delete it.
Fixes the following build breakage:
libsepol.report_failure: neverallow on line 473 of external/sepolicy/system_server.te (or line 12452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
Change-Id: I7fbfaa0a09e8f4e8a372d2f1a64bbe58d5302204
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
We don't have dm-verity enabled on eng builds, so don't waste time
generating metadata for images.
Change-Id: Ib2c8d459bb50c30dc32a4ea1fdedc152c09a3a0f
(cherry picked from commit beae6395fc)
Seems it's copied from target/product/generic_no_telephony.mk
which had duplicate local_time.default before.
(fixed in commit 567ea28838)
Change-Id: I09dcdffc14de08b3d25a5fd08364d38b2712bb08
Bug: 24171451
I missed this when I initially added ld.mc as a requirement for
core_minimal.mk. This is required for RenderScript linking on the
device.
Change-Id: Ie3ffa2454214f886c38387f45b34df2dcbebd6e6
Networking on old emulator device(a.k.a. goldfish) relies on RIL;
However, RIL is not available on ranchu device yet. For ranchu device
to have a functional networking, we need to add ethernet permission
and start dhcpcd_eth0 service on ranchu device. This CL adds ethernet
permission to both goldfish (which is harmless) and ranchu devices.
This addition was originally proposed by miroslav.tisma@imgtec.com
and the ethernet permission was only added to arm64 and mips64 after
discussion. With the ranchu device supporting more architectures,
it makes sense to allow this permission on all devices and all CPU
architectures.
related CL by miroslav.tisma@imgtec.com on AOSP:
b09fb84becf73bf2bc578ebf27910d75b79d668a
bug: 24070972
Change-Id: I81ac5d8901adee43784fe9dd45a170fb90bb824a