Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split service and property contexts.
Change-Id: I1f218ca842407d30650b8987ded6679672171091
Signed-off-by: Sandeep Patil <sspatil@google.com>
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split service and property contexts.
Change-Id: I6fec8d9b3023de09d69198c9e72311a1f03fe844
Signed-off-by: Sandeep Patil <sspatil@google.com>
Bug: 34134179
Test: both 32 and 64 bit versions of this file are on the device after a
clean build.
Change-Id: I75ab12246c2c44e39b5e863dfec98dc72a36fbbe
This is the service that provides shared memory for hidl/treble
processes.
Bug: 32185232
Test: builds
Change-Id: I79162a781daad7aa704f4ee071fef0bbdea59a18
This reverts commit fad4b4b715.
Incorporating the following fixes:
1.
fsconfig: fix fs_config_* build for discovered headers
When android_filesystem_config.h is picked up from the device
directory, neither TARGET_FS_CONFIG_GEN or TARGET_ANDROID_FILESYSTEM_CONFIG_H
are specified. Thus, the build is not generating the required fs_config_files
and fs_config_dirs.
Test: Ensure that make fs_config_files works, and produces the same output as before
Build the system image and mount it as a loop back and dump the file system
capabilities with getcap. Verify that output to the supplied
android_filesystem_config.h
From the loopback of the system.img mount, from CWD system/bin:
$ getcap *
cnss-daemon = cap_net_bind_service+ep
hostapd = cap_net_admin,cap_net_raw+ep
imsdatadaemon = cap_net_bind_service+ep
ims_rtp_daemon = cap_net_bind_service+ep
logd = cap_setgid,cap_audit_control,cap_syslog+ep
mm-qcamera-daemon = cap_sys_nice+ep
pm-service = cap_net_bind_service+ep
run-as = cap_setgid,cap_setuid+ep
surfaceflinger = cap_sys_nice+ep
webview_zygote32 = cap_setgid,cap_setuid,cap_setpcap+ep
webview_zygote64 = cap_setgid,cap_setuid,cap_setpcap+ep
Compared to the android_filesystem_config.h:
{ 00700, AID_CAMERA, AID_SHELL, (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/pm-service" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/imsdatadaemon" },
{ 00755, AID_SYSTEM, AID_RADIO, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/ims_rtp_daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/cnss-daemon"},
2.
fsconfig: fix error message for duplicate AID
Fixes:
raise ValueError('Duplicate aid value "%u" for %s' % value,
TypeError: %u format: a number is required, not str
and
raise ValueError('Duplicate aid value "%s" for %s' % value,
TypeError: not enough arguments for format string
3.
fsconfig: add test for duplicate ranges
Add a test for duplicate range detection.
4.
fsconfig: skip AID_APP, AID_USER and all ranges
Do not output AID_APP, AID_USER and ranges. A range
is defined as ending with AID_ and ending in _START or
_END.
5.
fsconfig: test for skip AID_APP, AID_USER and all ranges
Test against AIDs that caused the bionic tests to fail.
Change-Id: I95569a9ccc83bd3231f8a6f395532cc2de316bd2
Signed-off-by: William Roberts <william.c.roberts@intel.com>
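The verification described in the Test: section of the commit above (getcap output from the loopback-mounted system.img checked against the android_filesystem_config.h entries), as an added example that is not part of the original commit or the AOSP tree. The function names are hypothetical, the inputs are lines quoted in the commit message, and only the `name = caps+ep` getcap format shown there is parsed.

```python
import posixpath
import re

# Subset of the getcap output quoted in the commit message (run from system/bin).
# hostapd has no matching entry among the quoted header lines, so it is not checked.
GETCAP = """\
cnss-daemon = cap_net_bind_service+ep
hostapd = cap_net_admin,cap_net_raw+ep
imsdatadaemon = cap_net_bind_service+ep
ims_rtp_daemon = cap_net_bind_service+ep
mm-qcamera-daemon = cap_sys_nice+ep
pm-service = cap_net_bind_service+ep
"""

# Entries quoted in the commit message from android_filesystem_config.h.
HEADER = """\
{ 00700, AID_CAMERA, AID_SHELL, (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/pm-service" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/imsdatadaemon" },
{ 00755, AID_SYSTEM, AID_RADIO, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/ims_rtp_daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/cnss-daemon"},
"""

# { mode, uid, gid, capability-expression, "path" }
ENTRY_RE = re.compile(r'\{\s*\d+\s*,\s*\w+\s*,\s*\w+\s*,(.*?),\s*"([^"]+)"\s*\}')

def parse_getcap(text, cwd="system/bin"):
    """Map path -> set of capability names from 'name = cap_a,cap_b+ep' lines."""
    caps = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" = ")
        if sep:
            names = value.rsplit("+", 1)[0]  # drop the '+ep' flag suffix
            caps[posixpath.join(cwd, name.strip())] = set(names.split(","))
    return caps

def parse_header(text):
    """Map path -> set of capability names found in each fs_config entry."""
    return {path: {c.lower() for c in re.findall(r"CAP_\w+", expr)}
            for expr, path in ENTRY_RE.findall(text)}

def compare(getcap_text, header_text):
    """Return {path: (expected, actual)} for header entries the image disagrees with."""
    actual, expected = parse_getcap(getcap_text), parse_header(header_text)
    return {p: (sorted(want), sorted(actual.get(p, set())))
            for p, want in expected.items() if actual.get(p, set()) != want}

if __name__ == "__main__":
    print(compare(GETCAP, HEADER) or "image capabilities match the header")
```

An empty result means every header entry has exactly the capabilities it declares; a file missing from the getcap output is reported with an empty actual set.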
Add build targets for split sepolicy files so they'll appear in the root dir for
on-device compilation. nonplat_sepolicy will eventually be removed as it should
be provided by a different partition. Also replace sepolicy.recovery with the
appropriate split components.
Bug: 31363362
Test: Policy builds on-device and boots.
Change-Id: I017dabe6940c3cd20de6c00bb5253274d5a9269b
* changes:
fs_config: add unit tests
fs_config: drop fs_config_files/dirs PRODUCT_PACKAGES requirement
fs_config: add group to build
fs_config: introduce group generator
fs_config: add passwd to build
fs_config: introduce passwd generator
fs_config: generate friendly in AID class
fs_config: limit characters for AID_<name> sections
fs_config: generate oem AID header file
fs_config: android_id header generator
fs_config: support parsing android_filesystem_config.h
fs_config: modularize fs_config_generator
This section will be modified as part of splitting these packages into platform
and non-platform components. Sort them all to avoid conflicts.
Bug: 31363362
Test: Builds
Change-Id: I91fb4d4d7c0a6971a19047ef2eb2981770a122ff
When configuring fs_config_files or fs_config_dirs for file_system
capabilities, drop the requirement that OEMs must add the target
to PRODUCT_PACKAGES. This limits the configuration requirement
to only needing to set the new and preferred TARGET_FS_CONFIG_GEN
or the older TARGET_ANDROID_FILESYSTEM_CONFIG_H method.
Test: That only setting TARGET_FS_CONFIG_GEN results in passwd and
group in the build image.
Change-Id: I818854fa1b3e94edaff59a32bd7cf23cf9b504aa
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Setup PRODUCT_PACKAGES for the group file.
The group file is always included in the product
build but may be empty.
Test: That the group file is in the build.
Change-Id: I2ed1759fbe42a7e6833bb754b00cadaf949f128d
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Setup PRODUCT_PACKAGES for the passwd file.
The passwd file is always included in the product
build but may be empty.
Test: That the passwd file is in the build image.
Change-Id: Iedbb81b15d3b281ff4ad36d28adc2ba4523785f2
Signed-off-by: William Roberts <william.c.roberts@intel.com>
init.trace.rc will be renamed to atrace.rc and use the LOCAL_INIT_RC
mechanism to be included on /system appropriately.
Bug 23186545
Change-Id: Ibb86761d3e8d3c6d194ddb1220f93a71a8c6675b
Change all uses of the file_contexts file to use the
file_contexts.bin file instead.
Depends on
I75a781100082c23536f70ce3603f7de42408b5ba
I43806d564b83d57f05f5c36c8eba7b1ff4831b04
Id560d093440a2aba99cef28c20133b35feebf950
I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This change supports external/libselinux changes to implement
a PCRE formatted binary file_contexts file.
Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Previously the recovery binary was configured to be installed to the
system.img and then got copied to recovery.img in the recovery.img's
build rule.
With this change, a module, such as the recovery binary, can configure
itself to be installed directly to the recovery.img, just like how other
modules get installed to system.img.
Bug: 19667686
Change-Id: I46b0b4a95cf078a68999db9c0f6635d6a3f5cd86
The platform dependence on stlport is now far enough gone that a
regular build no longer builds stlport (woot!). Unfortunately, vendor
blobs don't claim their dependencies, so the build system has to keep
track of this for them.
Bug: 18777920
This reverts commit ef11722e9b.
Change-Id: I6a0dd26dfc6837c419eb5dd2ec5258dd323fd4bf
This ensures that the property is always set by init
prior to starting any other process, which avoids the need
for the bionic systrace code to try to set the property
if it has not already been set to avoid the full cost of
searching for an undefined property each time. See
change I30ed5b377c91ca4c36568a0e647ddf95d4e4a61a for
the relevant bionic code.
The problem with the current bionic code is that it can
trigger an attempt to set this property from any random
process, which will be denied unless the process is already
authorized to set debug properties. This is visible in the
form of various SELinux avc: denied messages and
init sys_prop: permission denied messages in dmesg output.
Allowing all domains to set such properties is undesirable.
Change-Id: I6d953c0c281fd72ad3eba8a479fd258023579b5b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
We don't have separate *64 module names any more.
Now both 32-bit and 64-bit variants are built under the same module name.
Change-Id: I1956a6a88ec6fe280798be01928239d098dfe27a