Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. A change to init is removing this special case and
therefore, the "ro." prefixes must be explicitly added to
property_contexts.
Bug 26425619
Change-Id: I735eb9fc208eeec284cda8d778db946eeec24192
With some core classes moved to separate core-oj jar
we need to use the new jar.
(cherry picked from commit 89b94c827f)
Change-Id: I025c0adc70535bf23def3ab0ce28a1bfaef72514
This commit fixes the avc denied issues in the emulators:
- goldfish_setup is granted for network access
- netd dontaudit for sys_module
- qemu_prop is granted domain for get_prop
Critical issue was that SELinux denied reading the lcd_density property
by SurfaceFlinger via qemu_prop and this commit fixes it.
Change-Id: I633d96f4d2ee6659f18482a53e21f816abde2a5f
Signed-off-by: Miroslav Tisma <miroslav.tisma@imgtec.com>
The extra inheritance layer may cause multiple
PRODUCT_DEVICE/PRODUCT_BRAND values for a product if it doesn't
explicitly override them, eg. gms.
The full_* are deprecated product names. We keep them just for backward
compatibility, for some tools may still use the full_* product names.
Bug: 25611987
Change-Id: I7ecebd422754c3ceb16507b8d9ced65d533fe7c3
These boot properties are used by android wear emulator to configure
round and chin shaped devices.
Bug: 23324757
Change-Id: I812da02d771bba0ffc63b14459c7de7cbdeed142
Addresses the following denial:
init: avc: denied { set } for property=opengles.version scontext=u:r:qemu_props:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 25148690
Change-Id: I4b197eeabfe37e794104e4e686e9e388b5bc3e0c
https://android-review.googlesource.com/175922 removed all uses
of system_server execmem and neverallowed it. The x86 emulator policy
inappropriately includes this rule. Delete it.
Fixes the following build breakage:
libsepol.report_failure: neverallow on line 473 of external/sepolicy/system_server.te (or line 12452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
Change-Id: I7fbfaa0a09e8f4e8a372d2f1a64bbe58d5302204
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
We don't have dm-verity enabled on eng builds, so don't waste time
generating metadata for images.
Change-Id: Ib2c8d459bb50c30dc32a4ea1fdedc152c09a3a0f
(cherry picked from commit beae6395fc)
Seems it's copied from target/product/generic_no_telephony.mk
which had duplicate local_time.default before.
(fixed in commit 567ea28838)
Change-Id: I09dcdffc14de08b3d25a5fd08364d38b2712bb08
Bug: 24171451
I missed this when I initially added ld.mc as a requirement for
core_minimal.mk. This is required for RenderScript linking on the
device.
Change-Id: Ie3ffa2454214f886c38387f45b34df2dcbebd6e6
