This property is many years old and it does not have a property
context associated with it. It is set by the system server (in
particular, ConnectivityService code, in the Tethering module)
and read by init, which does:
on property:net.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${net.tcp_def_init_rwnd}
There is no need to add read access to init because init can read
and write any property.
Test: m
Fix: 170917042
Change-Id: I594b09656a094cd2ef3e4fd9703e46bf7b2edd4c
This property is written by an .rc file - see aosp/1553819 - and
read by the connectivity mainline code in the system server.
Test: m
Bug: 182333299
Change-Id: Ibac622f6a31c075b64387aadb201ad6cdd618ebd
The connectivity service manager gets a reference to the tethering
service in its constructor. This causes SELinux denials when the
RemoteProvisioner app attempts to use the connectivity service manager
to figure out when a network is available in order to provision keys.
Test: No SELinux denials!
Change-Id: Icbd776a9b81ee9bb22a2ac6041198fe0a6d3a0d0
A number of things have changed, such as how the linkerconfig is
managed. Update permissions to reflect the changes.
Bug: 181182967
Test: Manual OTA of cuttlefish
Change-Id: I32207eb7c5653969e5cef4830e18f8c8fb330026
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.
Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I7021a9f32b1392b9afb77294a1fd0a1be232b1f2
As part of the keystore2 requirement, we give the keys used for
resume on reboot a separate context in keystore. And grant system
server the permission to generate, use and delete it.
Bug: 172780686
Test: resume on reboot works after using keystore2
Change-Id: I6b47625a0864a4aa87b815c6d2009cc19ad151a0
Zygote will trigger sdcardfs to read and open media_rw_data_file:dir.
We can safely ignore this message.
Bug: 177248242
Test: Able to boot without selinux warning.
Change-Id: Ie9723ac79547bf857f55fc0e60b461210a4e4557
This allows the FUSE daemon handle FUSE_LOOKUP requests across user boundaries.
Workaround to support some OEMs for their app cloning feature in R
Bug: 162476851
Bug: 172177780
Test: Manual
Change-Id: Ic1408f413ec3dc4917d3acfda2c5f62f9c16f187
Revert submission 1572240-kernel_bootreceiver
Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance
Change-Id: I9a8da7ae501a4b7c3d6cb5bf365458cfd1bef906
This property is set to true in rollback tests to prevent
fallback-to-copy when enabling rollbacks by hard linking.
This gives us insights into how hard linking fails where
it shouldn't.
Bug: 168562373
Test: m
Change-Id: Iab22954e9b9da21f0c3c26487cda60b8a1293b47
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.
Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I828666ec3154aadf138cfa552832a66ad8f4a201
This is required in addition to reading files under the dir, so that
profcollectd can generate profiles for them.
Test: presubmit
Bug: 166559473
Change-Id: Ic46acab3cfc01c549e2f3ba5e765cb2c4ac8a197
This is required for it to be able to create DEVMAP/DEVMAP_HASH maps.
See kernel source code in kernel/bpf/devmap.c:
static struct bpf_map *dev_map_alloc(union bpf_attr *attr) {
...
if (!capable(CAP_NET_ADMIN)) return ERR_PTR(-EPERM);
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2fc5b1541133859857fc9baa7564965f240c842a
odrefresh should setattr on generated artifacts. This is apparent now
that it is now launched from init which sets a restrictive umask on
forked processes.
Bug: 181397437
Test: manually apply ART APEX update
Change-Id: I8e30c1ef1e42b3b68b3c07e860abb4dc2728e275
