vendor_boot is labeled as boot_block_device. With
fastboot fetch command, fastbootd needs to read
the vendor_boot device and return it to the host.
Test: pass
Bug: 173654501
Change-Id: I197e39c9e7572dc9a714f36637c02ee9ead2e5f3
This property is many years old and it does not have a property
context associated with it. It is set by the system server (in
particular, ConnectivityService code, in the Tethering module)
and read by init, which does:
on property:net.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${net.tcp_def_init_rwnd}
There is no need to add read access to init because init can read
and write any property.
Test: m
Fix: 170917042
Change-Id: I594b09656a094cd2ef3e4fd9703e46bf7b2edd4c
This property is written by an .rc file - see aosp/1553819 - and
read by the connectivity mainline code in the system server.
Test: m
Bug: 182333299
Change-Id: Ibac622f6a31c075b64387aadb201ad6cdd618ebd
Just before selinux is set up, the kernel context must be allowed to
access the /proc/bootconfig file to read the state of the
androidboot.selinux= property. Such permission was already granted for
accessing the /proc/cmdline file for the same reason.
Bug: 173815685
Test: launch_cvd -extra_kernel_cmdline androidboot.selinux=permissive
Test: launch_cvd -guest_enforce_security=false [bootconfig method]
[..]
init: Permissive SELinux boot, forcing sys.init.perf_lsm_hooks to 1.
[..]
Change-Id: I999c0c9d736bed18e5daea81bb0f8cc78350eba7
The connectivity service manager gets a reference to the tethering
service in its constructor. This causes SELinux denials when the
RemoteProvisioner app attempts to use the connectivity service manager
to figure out when a network is available in order to provision keys.
Test: No SELinux denials!
Change-Id: Icbd776a9b81ee9bb22a2ac6041198fe0a6d3a0d0
A number of things have changed, such as how the linkerconfig is
managed. Update permissions to reflect the changes.
Bug: 181182967
Test: Manual OTA of cuttlefish
Change-Id: I32207eb7c5653969e5cef4830e18f8c8fb330026
It needs to read parameters that have been moved from /proc/cmdline
to /proc/bootconfig
Test: boot Cuttlefish with 5.10 and 4.19 kernels
Bug: 173815685
Change-Id: I437b76634b7c8e779e32b68cd3043d02f4228be5
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.
Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I7021a9f32b1392b9afb77294a1fd0a1be232b1f2
As part of the keystore2 requirement, we give the keys used for
resume on reboot a separate context in keystore. And grant system
server the permission to generate, use and delete it.
Bug: 172780686
Test: resume on reboot works after using keystore2
Change-Id: I6b47625a0864a4aa87b815c6d2009cc19ad151a0
Zygote will trigger sdcardfs to read and open media_rw_data_file:dir.
We can safely ignore this message.
Bug: 177248242
Test: Able to boot without selinux warning.
Change-Id: Ie9723ac79547bf857f55fc0e60b461210a4e4557
This allows the FUSE daemon handle FUSE_LOOKUP requests across user boundaries.
Workaround to support some OEMs for their app cloning feature in R
Bug: 162476851
Bug: 172177780
Test: Manual
Change-Id: Ic1408f413ec3dc4917d3acfda2c5f62f9c16f187
