This is for more information on binder threads during ANRs.
Test: adb shell am hang
Bug: 316970771
Change-Id: I905c8b605540aabb7463cb0e1b3a9a8b07f8d5cb
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
Vendor_init needs to read this property to process event triggers
depending on ro.product.build.16k_page.enabled .
Test: th
Bug: 319335586
Change-Id: I4f52073fbd2a138d84162710c925f65cc705c356
- Add pm.dexopt.* properties.
- Add rules for running artd in chroot.
Bug: 311377497
Test: manual - Run Pre-reboot Dexopt and see no denial.
Change-Id: If5ff9b23e99be033f19ab257c90e0f52bf250ccf
While testing aconfig storage file read by a demo app. We discovered
the need to do metadata_file:dir search in logcat log.
Bug: b/312459182
Test: demo app start
Change-Id: I0872ff192280228cc2270ae4a04755bc5cfbd9cc
Allow camera server to switch the scheduling policy
for certain time critical threads.
Bug: 323292530
Test: Manual using camera application,
Camera CTS
Change-Id: Ib665009c095efc21f65b1d8b3ddd9c2528c1c794
Just allow aconfig_storage_metadata_file:file read permission is not
enough to read the pb file, we also need
aconfig_storage_metadata_file:dir search permission.
Bug: b/312459182
Test: audit2allow after having demo app access the file
Change-Id: I1790ea84a56e83f43313af82378f245e2bb6597e
LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.
Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.
Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
This new property is to set an apex name when input configuration files
are bundled in an apex.
libinput checks the new sysprop when loading input configuration.
This removes hard-coded apex name (com.android.input.config).
Bug: 315080500
Test: adb shell dumpsys input
# set "touch.orientationAware = 0" in Touchscreen_0.idc
# build/install the input config apex
# Observe the Input configuration
# "Touch Input Mapper" shows "OrientationAware: false"
Change-Id: Ie0bf30bff2ed7f983caa5b893994a5bd2759e192
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.
Upstream, the support for that access vector was removed from kernel
5.16 onwards.
It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).
Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.
Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
This reverts commit f77cf6780c.
Reason for revert: sepolicy change is still necessary. (won't break things)
Change-Id: If47218b39ac34c21f3e09d29a5e713b240c4f0a6
Bootanimation only access boot animation files on oem. Label
these files with bootanim_oem_file and remove oemfs file allow rule.
Also allow mediaserver and app to read this new label as they can access
/oem/media folder.
Bug: 324437684
Test: Confirm that boot animation on oem is shown without violations
Change-Id: I940ccde9391a5daa920f31926d32e68b1de5b7eb
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.
Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
1, /metadata/aconfig is the directory that stores aconfig storage
related protobuf files and flag value files boot copy. Grant read
access to everybody. But limit the write access only to init and
aconfig storage service process (to be created later)
2, /metadata/aconfig/flags is the sub directory that stores persistent
aconfig value files.Initially set it up to be accessible by
system_server process only . When aconfig storage service process is
created, will add another permission to storage service process.
Context to why we are hosting flag data on /metadata partition:
Android is adopting trunk stable workflow, flagging and A/B testing is
essential to every platform component. We need some place to host the
flag that are accessible to system processes that starts before /data
partition becomes available.
In addition, there has been a long discussion regarding utilizing
/metadata partition for some process data, another example is mainline
modules, we are trying to make them to be able to be mounted earlier,
but cannot due to /data availability.
Bug: 312444587
Test: m
Change-Id: I7e7dae5cf8c4268d71229c770af31b5e9f071428
Grant bootanimation all read permissions on oem using
r_dir_file macro instead of specifying individual permissions.
This prevents failure to read the bootanimation on oem if
partition has been remounted.
After remount, bootanimation will log violation for the
/oem/media directory when reading an existing file (boot animation can
is still played).
avc: denied { read } for pid=2820 comm="bootanimation" name="media"
dev="sda75" ino=152 scontext=u:r:bootanim:s0
tcontext=u:object_r:oemfs:s0 tclass=dir permissive=0
After remount, if modifying/adding file in /oem/media directory,
bootanimation will fail to read the bootanimation zip, now with
violation:
avc: denied { read } for pid=2838 comm="bootanimation" name="media"
dev="dm-8" ino=70 scontext=u:r:bootanim:s0 tcontext=u:object_r:oemfs:s0
tclass=dir permissive=0
Bug: 324437684
Test: adb remount
replace /oem/media/bootanimation.zip with custom animation
adb reboot
confirm that expected bootanimation is played
confirm no selinux violations are seen in logcat
Change-Id: Iaafdeeacaf88d8f5c1214700edc8eec2824b0159
Bug: 311377497
Test: manual - Call
getDexoptChrootSetupServiceRegisterer().waitForService()
Test: manual - Set up a chroot environment and call
getArtdPreRebootServiceRegisterer().waitForService()
Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
This is used for mapper sphal library which is defined in VINTF and
queried via servicemanager.
Bug: 317178925
Test: cuttlefish loads mapper.minigbm
Change-Id: Ibddc0239e52065a89c656f885f34835406665009
Memhealth driver has been removed from all android kernels.
Test: m
Bug: 315560026
Change-Id: Ia4f91bde3a999a490b42b57abcd521ff9cc94633
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Description:
Since the Android N project uses Keymaster 1.5 and added full disk encryption support in vold when upgrading to Android T, the SELinux rules need to allow vold to use the keymaster HAL directly.
Bug: 319506037
Change-Id: Ib21c59156a6de0c2b148e33de2fe8efb3606e697
This change updates neverallow list to allow accessing udp
sockets from hal_bluetooth_server.
Bug: 305104428
Change-Id: Ic1d80c7cb1aa62969b541ee30686afd57ec51fb0
This change updates neverallow list to allow accessing tcp
sockets from hal_bluetooth_server.
Bug: 305104428
Change-Id: I609380108ccd7b73ed251dd006caa0849bf6c53c
Legacy VPNs are removed, including the usage of mtpd/pppd.
Only the type ppp and mtp remain as there are usages elsewhere.
Bug: 161776767
Test: m, presubmit
Change-Id: I556b0daa55f9ea7bf844f6a52d10dda02e324ee0
