Addresses the following denial:
init: avc: denied { set } for property=opengles.version scontext=u:r:qemu_props:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
Bug: 25148690
Change-Id: I4b197eeabfe37e794104e4e686e9e388b5bc3e0c
https://android-review.googlesource.com/175922 removed all uses
of system_server execmem and neverallowed it. The x86 emulator policy
inappropriately includes this rule. Delete it.
Fixes the following build breakage:
libsepol.report_failure: neverallow on line 473 of external/sepolicy/system_server.te (or line 12452 of policy.conf) violated by allow system_server system_server:process { execmem };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
Change-Id: I7fbfaa0a09e8f4e8a372d2f1a64bbe58d5302204
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
We don't have dm-verity enabled on eng builds, so don't waste time
generating metadata for images.
Change-Id: Ib2c8d459bb50c30dc32a4ea1fdedc152c09a3a0f
(cherry picked from commit beae6395fc)
Seems it's copied from target/product/generic_no_telephony.mk
which had duplicate local_time.default before.
(fixed in commit 567ea28838)
Change-Id: I09dcdffc14de08b3d25a5fd08364d38b2712bb08
Bug: 24171451
I missed this when I initially added ld.mc as a requirement for
core_minimal.mk. This is required for RenderScript linking on the
device.
Change-Id: Ie3ffa2454214f886c38387f45b34df2dcbebd6e6
init.trace.rc will be renamed to atrace.rc and use the LOCAL_INIT_RC
mechanism to be included on /system appropriately.
Bug 23186545
Change-Id: Ibb86761d3e8d3c6d194ddb1220f93a71a8c6675b
When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage. However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain. Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.
Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Size increase taken as a precaution against recent built breakage
due to lack of space on a number of targets (e.g. x86, ARM64).
System and user-data image sizes set to match currently most common
setup for the emulator: system image: 1.25gb, user-data image 700mb.
Change-Id: I7118eb26dd78f5fa9e4f0006e15c8d47dee8e28c
Change all uses of the file_contexts file to use the
file_contexts.bin file instead.
Depends on
I75a781100082c23536f70ce3603f7de42408b5ba
I43806d564b83d57f05f5c36c8eba7b1ff4831b04
Id560d093440a2aba99cef28c20133b35feebf950
I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This change supports external/libselinux changes to implement
a PCRE formatted binary file_contexts file.
Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Browser is going away. Browser2 is a tiny, WebView-based browser for
testing purposes. BookmarkProvider will take over the
"com.android.browser;browser" authorities and return empty Cursors for
all queries. See packages/apps/Browser2/README for how to obtain a
regular browser.
BUG:19351071
Change-Id: I8af605ec65a1185923598ba553a98e3fd9b887db
This fixes the issue with the emulator "-shell" option.
Init tries to open the console which is passed through
the kernel androidboot.console property, but fails to
open it because "avc" denies it. Init only has permissions
to open console_device in rw mode. This ensures that
/dev/ttyS2 is properly labeled as console_device.
Replaced tabs with spaces.
Change-Id: I9ef94576799bb724fc22f6be54f12de10ed56768
