This is checked when getting the time of last successful authentication
from keystore2. The auth_service is the only expected caller.
Bug: 303839446
Test: manual
Change-Id: Idf222e69c0553a7be94206b519a95a4006e69507
This reverts commit d1401b7a2f.
Reason for revert: DroidMonitor-triggered revert due to breakage, bug 308055894
Change-Id: Ic22a37a6d32662344da80fb28751e8c34803a82e
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.
Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
This should be no-op but will be useful when we implement Trunk Stable
aware contexts. Also this removes complexity from Android.mk.
Bug: 306563735
Test: build
Change-Id: Ie7e2c2c8c1e813af0ea617a2e29589b660c1bdaf
Add neverallow reading these files because this came
up in a review recently, and they contain information
about processes which is important for security, so
we'd like to avoid accidentally granted these
permissions.
Fixes: 306036348
Test: build (is build time change)
Change-Id: I8b8917dacd2a65b809b7b6fb7c1869a3db94156b
Create a new system property for game default frame
rate. A toggle system setting UI will set
`persist.graphics.game_default_frame_rate.enabled`
via GameMangerService in system_server.
`persist.graphics.game_default_frame_rate.enabled` == 1:
default frame rate enabled
`persist.graphics.game_default_frame_rate.enabled` == 0:
default frame rate disabled
Bug: 286084594
Test: m, flash and boots properly on Raven
Change-Id: Iae7ebf39aad6c81475ef3d289d750a818fd4ef79
This tests the original private/file_contexts and not the built version
(as it may contain the overlay files or asan entries). This ensures that
all the rules in the base files are used.
Another test will be later added to validate the built version (but
without requiring that all rules are used).
Bug: 299839280
Test: mm
Change-Id: I5efdde3c7f5211472cd9a0cf8def243aef640825
If file_contexts_test is given a test_data attribute, it will use
`checkfc -t` to validate the file_context against it, instead of using
the policy. Both options are mutually exclusive.
Bug: 299839280
Test: m
Change-Id: I3f541e0d0bb5d03ed146e27d67bc811cda3164b1
Keep the type of context and decides on the flags within
GenerateAndroidBuildActions. This is a no-op but will help supporting
other options for checkfc.
Bug: 299839280
Test: mm
Change-Id: I3a6f9db9d890e0a0ccb3eca37c01b2977fa2e2d1
Add test entries for property_service_for_system and virtual_camera.
Re-order file_contexts so that /data/vendor/tombstones/wifi and
/data/misc/perfetto-traces/bugreport are labelled correctly.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./contexts/plat_file_contexts_test pass
Change-Id: Ifb4453d02327b5cf678e6a4cd927b5df0960086b
For the file backend, libselinux keeps track of which rules has matched.
Set up the callback and capture any log message from selinux_stats. If,
at least one rule has not been used, exit with the status code 1.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./tests/plat_file_contexts_test
Change-Id: I33d88b4234756cd13e29c5c8c081d97b6590810e
When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.
Suppress it until the correct policy is ready.
Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
Introduce a new sysprop
`ro.surface_flinger.game_default_frame_rate_override`
to set the default frame rate for games.
Bug: 286084594
Change-Id: Ifdbf5bc9621976a0583df49eb9531de1c423385b
Test: N/A
A new mode for checkfc is introduced (-t) which takes a file_contexts
and a test data file. Each line in the test data file contains a path
and the expected type. checkfc loads the file_contexts and repeatedly
calls selabel_lookup(3) to verify that the computed type is as expected.
This mode can be used to confirm that any modification to file_contexts
or its build process is benign.
A test data file (plat_file_contexts_test) is added. This file was
manually created based on private/file_contexts. Each static path was
copied as-is. Each regular expression was expanded into a couple of
entries. For instance, /dev/adf[0-9]* generated /dev/adf, /dev/adf0 and
/dev/adf123.
libselinux keeps track of which specification is being hit when using
selabel_lookup. When calling selabel_stats(3), the file backend will
output a warning if a specification has not been used. This can be
leveraged to ensure that each rule is at least hit once. This property
will be leveraged in a follow-up change (by running the test as part of
the build process), to ensure that the plat_file_contexts_test file
remains up-to-date (that is, when an entry is added to
private/file_contexts, the build will fail unless a test is also added
to plat_file_contexts_test to exercice the specification/regular
expression).
Test: m checkfc && checkfc -t ./private/file_contexts ./tests/plat_file_contexts_test
Bug: 299839280
Change-Id: Ibf56859a16bd17e1f878ce7b0570b2aead79c7e0
The get_state permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#getState() served by keystore2. That
API has been removed because it was unused
(https://r.android.com/2768246). Therefore, stop granting the get_state
permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
Bug: 296464083
Test: atest CtsKeystoreTestCases
Change-Id: Ie6c7b17a8652f86a75d48c134a6e71a634d63772
