Devices that support userspace reboot are required to set this property
to true.
Test: builds
Bug: 135984674
Change-Id: I6cbff586e8813cf0a44d2ff8d6a2cf6dbdc295f0
Adding two labels: "incfs" for the incremental filesystem and
"incremental_root_file" for file paths /data/incremental/*.
Doc: go/incremental-selinux
Test: manual
Change-Id: I7d45ed1677e3422119b2861dfc7b541945fcb7a2
More historical context in http://b/18504118
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggering.
Bug: 142672293
Test: TH
Change-Id: I5729b89af83090e6e31c012c8acb0f0114c87d3d
This adds the type and permissions for the default implementation to talk to
its kernel module.
Bug: 63928581
Test: boot Pixel 4 with default implementation
Change-Id: Ie847e4db975b95e90ea64937401e8d8a8ed812cb
As part of extending linkerconfig execution based on mount namespace and
APEX status, linkerconfig will be executed from init with logwrap. To
support this there should be an extra sepolicy to allow linkerconfig to
be executed with logwrap.
Bug: 144664390
Test: m -j passed & cuttlefish booted
Change-Id: Ia8b970a1c396a769eff4b102afbf4d33802923cf
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.
Bug: 142672293
Test: TH
Change-Id: I554e0cb00a53fd254c450c20e6c632e58472c3c8
In order for system_server to report ION allocations in dumpsys meminfo
report it needs access to ION sysfs nodes.
Bug: 138148041
Test: dumpsys meminfo
Change-Id: I8b1efebe8f4b06a3975e96ddd6a8cbcacdb52fb2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Also allow binder service "incremental_service" to be found by service
manager.
Test: boots
BUG: 136132412
Change-Id: I3584a9b69a7e1909f096e3c4579c1834bdfba22e
Refactor to split the logic within statscompanion_service
The goal of the refactor is to simplify the binder calls to statsd
This service will talk to statsd.
At the end of the refactor, this service should be the only
service that talks to statsd.
Bug: 146074223
Test: Manual by creating the service with empty implementation
Change-Id: Ib9c2e10ec195d41062f1001e5a82b374696de939
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.
Bug: 142672293
Test: TH
Change-Id: I57f887e96d721ca69a7228df0a75515596776778
Mark tethering_service as app_api_service to allow applications to find
tethering service. Apps should able to use tethering service to
know tethering state if they have ACCESS_NETWORK_STATE permission, but
they may need privileged permission if they want to change tethering.
Bug: 144320246
Test: -build, flash, boot
-ON/OFF hotspot
Change-Id: Ie414618766144c4a4ad89c5cf03398a472638e71
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.
These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.
Bug: 145267097
Test: build
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
