This file is no longer needed because it was needed for supporting
reloadable/dynamic SELinux policy which is no longer supported.
Test: Clean build, flash, device boots without additional denials.
Reboot to recovery works, no additional denials.
Bug: 33642277
Change-Id: Ie65e74b8c8437694bc1ea019ab844f60f9e89ade
This change adds default implementation of configstore@1.0 HAL to all
embedded devices.
Bug: 34314793
Test: build. make sure /system/bin/hw has file
android.hardware.configstore@1.0-service
cherry-picked
1d6ab958c configstore: add default implementation of configstore@1.0 HAL
Merged-in: I65f416560de9d65c57e6cfcb9a6fe26b0140d4a6
Change-Id: Ib68fa325a0f0ce60db0701e16a5a9056411fb398
Test: Marlin and Bullhead build and boot with no new denials.
Test: Marlin and Bullhead recovery boots with no new denials.
Test: Bullhead boots with file_contexts.bin in /
Test: Marlin boot with /system/etc/selinux/plat_file_contexts and
/vendor/etc/selinux/nonplat_file_contexts.
Bug: 36002414
Change-Id: I25af653e060c0c72ea6ad08db8869132885adff8
This removes the unconditional inclusion of secilc and sepolicy.
These artefacts are now conditionally included by system/core/init.
The reason for declaring the conditional inclusion there is because
the desired conditional inclusion based on PRODUCT_FULL_TREBLE cannot
be declared here because PRODUCT_FULL_TREBLE is not yet available when
this file is interpreted.
Test: Device boots, no additional SELinux denials. This test is
performed on a device with PRODUCT_FULL_TREBLE set to true, and
on a device with PRODUCT_FULL_TREBLE set to false.
Test: Device with PRODUCT_FULL_TREBLE set to true contains secilc and
the three *.cil files, but does not contain the sepolicy file.
Device with PRODUCT_FULL_TREBLE set to false contains sepolicy
file but does not contain the secilc file or any *.cil files.
Bug: 31363362
Change-Id: Ia3f38948b71a054918f5f63c594ba62a033e1066
Similar to vendor/manifest.xml on device, this file lists
all HALs defined in the framework (and hence go
to the system image). IServiceManager / IMemory /
etc. getService should consult this file (via VINTF
object under /system/libvintf) to return the HAL in the correct
transport mode.
Bug: 34772739 Create system/manifest.xml
Bug: 35219444 Need interface + instance entry
Test: compiles and manually confirm that system/manifest.xml exists.
Change-Id: I5b3c79b068841e47062cbab6f72d70555801a21d
The SELinux policy compiler needs to be available on-device to compile
SELinux policy at boot on some devices. For now, we're including this
unconditionally, but, going forward, we will include this binary only
on devices which need it.
Test: Device boots -- secilc is not yet used anyway
Bug: 31363362
Change-Id: I7712b70d7c5b4c57bec2cdb44519b42d26758d09
We are splitting android.hidl.memory into android.hidl.allocator and
android.hidl.memory to reflect the fact that we have two separate
interfaces which are served over different transports.
Bug: 35327976
Test: hidl_test, device boots with allocator
Merged-In: I36b1554d20f89ecd60a836c04f788ac83e0a1f5c
Change-Id: I36b1554d20f89ecd60a836c04f788ac83e0a1f5c
We are splitting android.hidl.memory into android.hidl.allocator and
android.hidl.memory to reflect the fact that we have two separate
interfaces which are served over different transports.
Bug: 35327976
Test: hidl_test, device boots with allocator
Change-Id: I36b1554d20f89ecd60a836c04f788ac83e0a1f5c
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split service and property contexts.
Change-Id: I1932684f600dd34d5136e72ac053fae13f0c3eba
Signed-off-by: Sandeep Patil <sspatil@google.com>
Test: make -j64 and flash the device and
ensure that lshal is available on the device.
Bug: 34712252
Change-Id: If61047afb27f9da9f8825ce18e2dfc0b3dec10e2
This change adds default implementation of configstore@1.0 HAL to all
embedded devices.
Bug: 34314793
Test: build. make sure /system/bin/hw has file
android.hardware.configstore@1.0-service
Change-Id: I65f416560de9d65c57e6cfcb9a6fe26b0140d4a6
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split service and property contexts.
Change-Id: I1f218ca842407d30650b8987ded6679672171091
Signed-off-by: Sandeep Patil <sspatil@google.com>
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Successfully boot with split service and property contexts.
Change-Id: I6fec8d9b3023de09d69198c9e72311a1f03fe844
Signed-off-by: Sandeep Patil <sspatil@google.com>
Bug: 34134179
Test: both 32 and 64 bit versions of this file are on the device after a
clean build.
Change-Id: I75ab12246c2c44e39b5e863dfec98dc72a36fbbe
This is the service that provides shared memory for hidl/treble
processes.
Bug: 32185232
Test: builds
Change-Id: I79162a781daad7aa704f4ee071fef0bbdea59a18
This reverts commit fad4b4b715.
Incorporating the following fixes:
1.
fsconfig: fix fs_config_* build for discovered headers
When android_filesystem_config.h is picked up from the device
directory, neither TARGET_FS_CONFIG_GEN nor TARGET_ANDROID_FILESYSTEM_CONFIG_H
are specified. Thus, the build is not generating the required fs_config_files
and fs_config_dirs.
Test: Ensure that make fs_config_files works, and produces the same output as before
Build the system image and mount it as a loop back and dump the file system
capabilities with getcap. Verify that output to the supplied
android_filesystem_config.h
From the loopback of the system.img mount, from CWD system/bin:
$ getcap *
cnss-daemon = cap_net_bind_service+ep
hostapd = cap_net_admin,cap_net_raw+ep
imsdatadaemon = cap_net_bind_service+ep
ims_rtp_daemon = cap_net_bind_service+ep
logd = cap_setgid,cap_audit_control,cap_syslog+ep
mm-qcamera-daemon = cap_sys_nice+ep
pm-service = cap_net_bind_service+ep
run-as = cap_setgid,cap_setuid+ep
surfaceflinger = cap_sys_nice+ep
webview_zygote32 = cap_setgid,cap_setuid,cap_setpcap+ep
webview_zygote64 = cap_setgid,cap_setuid,cap_setpcap+ep
Compared to the android_filesystem_config.h:
{ 00700, AID_CAMERA, AID_SHELL, (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/pm-service" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/imsdatadaemon" },
{ 00755, AID_SYSTEM, AID_RADIO, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/ims_rtp_daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/cnss-daemon"},
2.
fsconfig: fix error message for duplicate AID
Fixes:
raise ValueError('Duplicate aid value "%u" for %s' % value,
TypeError: %u format: a number is required, not str
and
raise ValueError('Duplicate aid value "%s" for %s' % value,
TypeError: not enough arguments for format string
3.
fsconfig: add test for duplicate ranges
Add a test for duplicate range detection.
4.
fsconfig: skip AID_APP, AID_USER and all ranges
Do not output AID_APP, AID_USER and ranges. A range
is defined as ending with AID_ and ending in _START or
_END.
5.
fsconfig: test for skip AID_APP, AID_USER and all ranges
Test against AIDs that caused the bionic tests to fail.
Change-Id: I95569a9ccc83bd3231f8a6f395532cc2de316bd2
Signed-off-by: William Roberts <william.c.roberts@intel.com>
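
The getcap comparison described in the fs_config test above can be automated. The following is an added example, not part of the commit or of the fsconfig tool; the function names are hypothetical and the sample inputs are the listing and header entries quoted in the commit message.

```python
import os
import re

# Constructed sample inputs: the getcap listing and header entries quoted in the commit message.
GETCAP_OUTPUT = """\
cnss-daemon = cap_net_bind_service+ep
hostapd = cap_net_admin,cap_net_raw+ep
imsdatadaemon = cap_net_bind_service+ep
ims_rtp_daemon = cap_net_bind_service+ep
logd = cap_setgid,cap_audit_control,cap_syslog+ep
mm-qcamera-daemon = cap_sys_nice+ep
pm-service = cap_net_bind_service+ep
run-as = cap_setgid,cap_setuid+ep
surfaceflinger = cap_sys_nice+ep
webview_zygote32 = cap_setgid,cap_setuid,cap_setpcap+ep
webview_zygote64 = cap_setgid,cap_setuid,cap_setpcap+ep
"""
FS_CONFIG_ENTRIES = """\
{ 00700, AID_CAMERA, AID_SHELL, (1ULL << CAP_SYS_NICE), "system/bin/mm-qcamera-daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/pm-service" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/imsdatadaemon" },
{ 00755, AID_SYSTEM, AID_RADIO, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/ims_rtp_daemon" },
{ 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "system/bin/cnss-daemon"},
"""
ENTRY_RE = re.compile(r'\{\s*(\d+),\s*(\w+),\s*(\w+),\s*(.*?),\s*"([^"]+)"\s*\}')

def parse_getcap(text):
    """Map file name -> set of capabilities from 'name = cap_a,cap_b+ep' lines."""
    caps = {}
    for line in text.splitlines():
        name, sep, rhs = line.partition(" = ")
        if sep:  # skip lines that are not getcap records
            caps[name.strip()] = set(rhs.rpartition("+")[0].split(","))
    return caps

def parse_fs_config(text):
    """Map file basename -> set of capabilities named in the header's table entries."""
    return {os.path.basename(path): {c.lower() for c in re.findall(r"CAP_\w+", expr)}
            for _mode, _uid, _gid, expr, path in ENTRY_RE.findall(text)}

def compare(image_caps, config_caps):
    """Return (mismatches, unlisted): header entries whose on-image capabilities differ,
    and capability-bearing files on the image that this header does not list."""
    mismatches = sorted(n for n, want in config_caps.items() if image_caps.get(n) != want)
    unlisted = sorted(set(image_caps) - set(config_caps))
    return mismatches, unlisted

if __name__ == "__main__":
    print(compare(parse_getcap(GETCAP_OUTPUT), parse_fs_config(FS_CONFIG_ENTRIES)))
```

Files reported as unlisted carry capabilities that the quoted device header does not assign, so they need to be accounted for by another fs_config source.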