We want to extend vold_prepare_subdirs to set the MLS level to the
correct per-user value for selected user-specific directories.
Grant vold_prepare_subdirs the access it needs to do this, and allow
vold to access the temporary property controlling this.
Bug: 141677108
Test: Manual, with and without property set.
Change-Id: I572462cfd9b8869381f2af5faa29165bb8373d4b
The list permission protects the ability to list arbitrary namespaces.
This is not a namespace specific permission but a Keystore specific
permission. Listing the entries of a given namsepace is covered by the
get_info permission already.
Test: N/A
Merged-In: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8
Change-Id: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8
Earlier changes removed the scripts for ART APEX pre- and post-install
hooks (I39de908ebe52f06f19781dc024ede619802a3196) and the associated
boot integrity checks (I61b8f4b09a8f6695975ea1267e5f5c88f64a371f), but
did not cleanup the SELinux policy.
Bug: 7456955
Test: Successful build and boot
Test: adb install com.android.art.debug && adb reboot
Change-Id: I1580dbc1c083438bc251a09994c28107570c48c5
TimeZoneDetectorService will be accessed as part of a new @SystemApi,
TimeManager.
For CTS testing, the TimeZoneDetectorService needs to be accessible by
the CTS test app, this means the sepolicy for the service needs to be
expanded to less trusted clients. During tests we can expand the Android
permissions to those of the Shell process, but it looks like selinux
still needs this change even though "real" clients will be privileged
apps.
It's probable that the time / time detector services will be used in
public SDK TimeManager APIs in the future.
Bug: 159891384
Test: build only (and CTS tests not yet submitted in AOSP)
Change-Id: Ieb4b40505aa990e572435c098a66c489746d4c45
This service will demonstrate a minimal audio HAL V7.0
Bug: 142480271
Test: atest VtsHalAudioV7_0TargetTest
(HAL and test are not available in AOSP yet)
Change-Id: I2e7f166a47f21eb6c8621d0ddb33cfea84aa20da
Previously, soong emitted APEX_FILE_CONTEXTS_INFOS make var which lists
"all" APEXes and file_contexts.bin used all of them regardless whether
an APEX is installed or not.
This doesn't work when there's a vendor specific APEX which uses vendor
specific labels. Other lunch target may fail to build due to "unknown
label" which is introduced by the vendor APEX which is fact not supposed
to be installed.
Now build/make/core/Makefile creates file_contexts.modules.tmp which is
a collection of file_contexts for flattend apexes which are to be
intalled.
Bug: 166518492
Test: m file_contexts.bin
check contents of file_contexts.concat.tmp
Change-Id: I00c6b87bdc75fc1e04e6f8ecddae6f18762d888a
Denial when not listed in priv_app.te:
E SELinux : avc: denied { find } for pid=3213 uid=10170 name=music_recognition scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:music_recognition_service:s0 tclass=service_manager permissive=0
Bug: 158194857
Test: patched and tested on internal master
Change-Id: I30e9ea79a57d9c353b732b629bd5a829c89bbcb0
Add ro.build.ab_update.gki.prevent_downgrade_{version,spl} for
update_engine to determine whether downgrade in kernel version or SPL is
considered an error or not.
Bug: 162623577
Test: update_engine_unittest
Test: apply OTA
Change-Id: If602924d50a2d5cfb3c256b82491c413a9d39f9d
Call build_policy when determing which compat mapping files should be
included for a given partition.
Bug: 168637766
Test: Built aosp_bonito-userdebug and saw that the compat mapping files
in product/etc/sepolicy/mapping were no longer present.
Test: Added a test 30.0.cil file to bonito's product private compat
directory and saw that it was present at product/etc/sepolicy/mapping.
Change-Id: I83cc28a159b24c0a2c0717dae461983250ab6c25
It only accesses already-open file handles since b/67111829, so has no
need for any access to the directories, not even search access.
Fixes: 161960094
Bug: 141677108
Test: boot, install app
Test: cmd package force-dex-opt <package>
Test: cmd package bg-dexopt-job
Test: No denials seen.
Change-Id: I23dca1f038351be759dd16dff18d16d158604c3c
Following Hridya's patches, I found one more place where
dmabuf system heap access is needed in order to play back video
without ION
Audit error:
09-22 05:34:36.545 478 478 W NPDecoder-CL: type=1400 audit(0.0:65): avc: denied { read } for name="system" dev="tmpfs" ino=631 scontext=u:r:mediaserver:
s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I016a260b936a343a29f0e3bbb565b52bbcb0133a
vendor_init writes ro.cdma.home.operator. properties, and framework
codes reads the properties. This adds them to telephony_config_prop to
explicitly allow it.
Bug: 157958356
Test: boot
Change-Id: I3bd515bd7adcc01ec268e4d2b5a6a2f1fbca7deb
Certain classes of 3rd party apps aren't untrusted_app_domain, but
some comments surrounding this are either outdated or wrong.
Bug: 168753404
Test: N/A
Change-Id: I019c16e26a3778536132f22c37fbea5ae7781af4
