persist.sys.dalvik.vm.lib.2 is moved to a new context
dalvik_runtime_prop from bad context name.
Bug: 154885206
Test: boot device and see logcat
Change-Id: I9dea95105c266088d5f071bf2d890048f0999b0b
This is an experimental property on Q and doesn't need anymore.
Exempt-From-Owner-Approval: cherry-pick
Bug: 154885206
Test: N/A
Change-Id: I80415edc002345849b375e07fdf5783cf60c2446
Merged-In: I80415edc002345849b375e07fdf5783cf60c2446
(cherry picked from commit 7b59ae50e6)
Steps taken to produce the mapping files:
1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.
Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.
Following types are removed.
boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop
Following type is renamed.
wificond_service -> wifinl80211_service
Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
This is unused currently & there are no concrete plans to use it
in the future.
Bug: 130080335
Test: Device boots up & connects to networks.
Test: Will send for regression tests
Change-Id: I785389bc2c934c8792c8f631362d6aa0298007af
Merged-In: I785389bc2c934c8792c8f631362d6aa0298007af
(cherry picked from commit 56dfc06397)
Enforce for priv-apps with targetSdkVersion>=31.
This is the same restriction enforced on third party apps with
targetSdkVersion>=28 in Android 9.0. See:
https://developer.android.com/about/versions/pie/android-9.0-changes-28#per-app-selinux
This change allows selinux to better enforce the application sandbox
providing better defense-in-depth for priv-apps.
In particular it prevents apps running in the priv_app domain
from sharing their private data directory by granting
world-accessible unix permissions.
Bug: 142672293
Test: Build, boot, check for denials.
Change-Id: If2953eb990fdc24aaccf29be3394a9ee1f02185c
Apps signed with the media key share a UID (except
com.android.providers.media.module). However, some
run in the priv_app selinux context, and others run in
the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I21bf68de525fff87c3a02aa59fba3a8d86be5324
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Change-Id: I40220877625453198b217e788e6b3bfab8437f24
This is intended to be temporary workaround until the Gboard
developers fix their app.
Addresses
avc: denied { bind } for comm="ThreadPoolForeg"
scontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tcontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tclass=netlink_route_socket permissive=
app=com.google.android.inputmethod.latin
Bug: 155595000
Test: build
Change-Id: I432ac1462329efb4bc118c3967a099833e6eb813
[cherry-picking]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
MediaPlayer cannot load a video from RRO packages.
So, add allow rules which is necessary to play the video.
Bug: b/154795779
Test: check if MediaPlayer can load a video in RRO
Change-Id: I06eed146b6e70a548b6b4f4faf56ba2bccd68140
Cleaning up exported*_system_prop and moving surfaceflinger properties
to new property contexts.
Bug: 152468529
Bug: 154885206
Test: boot cf_x86 and crosshatch
Change-Id: I7f8a684e9cbabce2f55a5292d7b2283ac0716cd9
These comments were added when public/property_contexts was introduced.
The main purpose was to categorize exported properties by accessibility
from vendor. Removing the comments as these are now obsolete and makes
confusion.
Bug: 71814576
Test: N/A
Change-Id: Ibc1c8eefcd68c79b90df82d227fe03f2c09da3a3
Assigning a new context boot_status_prop for following two properties:
- sys.boot_completed
- dev.bootcomplete
Bug: 154885206
Test: boot cf_x86 and crosshatch, see no denials
Change-Id: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
Merged-In: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
(cherry picked from commit 2973c96055)
This changes are necessary to make files under /data/apex/active
be readable by Phonesky.
Test: builds
Bug: 154635217
Merged-In: I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2
Change-Id: I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2
(cherry picked from commit 89d43a51ba)
These events supersede the ion_heap_grow / ion_heap_shrink events on
4.19+ kernels.
Bug: 154302786
Test: build, run on cuttlefish with new kernel, ls -lZ /sys/kernel/tracing/events/ion/ion_stat/enable
Change-Id: I262d8c3269d4261701361ad4b1bdc322f1f03969
The ro.surface_flinger.* properties are using instead of configstore.
Add get_prop (domain, surfaceflinger_prop) to domain.te so that it can
be used on all systems in the same way as configstore.
Bug: 124531214
Test: read properties in java (ag/11226921)
Change-Id: Ifc8a53ea544c761d85e370e177913db91d8a33a2
This prop allows vendors to specify whether their devices
have basic eBPF compatibility (ie. Linux kernel 4.9 with P VINTF).
Make it exported_default_prop because the shared library
libbpf_android is used in a lot of places.
See: https://r.android.com/1261922
Bug: 151753987
Signed-off-by: Felix <google@ix5.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifd9af558d84ea1619a6af7fce81b700fdfb22b9f
All apps signed with the media key share a UID. However,
some run in the priv_app selinux context, and others run
in the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I6f96142ef03101568abed670a0e32f952515a590
com.google.android.gms and com.google.android.gsf have a sharedUserId
but were being routed to two different domains:
com.google.android.gms 10145 0 /data/user/0/com.google.android.gms google:privapp:targetSdkVersion=10000
com.google.android.gsf 10145 0 /data/user/0/com.google.android.gsf google:privapp:targetSdkVersion=10000
This change routes them to the same domain: gmscore_app
Bug: 154597032
Test: TH
Change-Id: I0a309a687eb8608604cabf65b58763a1a3262153
This is to clean up bad name "exported_dalvik_prop"
Bug: 154465224
Test: sepolicy_tests
Test: treble_sepolicy_tests 26.0 ~ 29.0
Change-Id: Ie5e738b5985c1db1bca7a857971d8490a7980b5b
It already has read dir access, but was missing file access which
would allow it read /sdcard symlink (/mnt/pass_through/0/self/primary)
Test: adb shell am broadcast -a
android.intent.action.MEDIA_SCANNER_SCAN_FILE
--receiver-include-background -d file:///sdcard
Bug: 153151011
Change-Id: If4d3fa3d96de6dd9672c0c3aa25fb25f196fe295
The following properties are used in AudioService:
ro.config.alarm_vol_default
ro.config.alarm_vol_steps
ro.config.media_vol_default
ro.config.system_vol_default
ro.config.system_vol_steps
ro.config.vc_call_vol_default
Test: properties can be set from vendor with PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := true
Change-Id: Ib90103173989fcb0723f3d8465df3cd03334cc53
This property controls how much userspace reboot watchdog will wait for
userspace reboot to start before falling back to hard reboot.
Test: builds
Bug: 152803929
Change-Id: I6955e8c94708e7e4161e4f334b03c052d42c0f9f
Defined a new signal intended to allow the system to reboot
the audio/soundtrigger HAL process.
Fixes: 153461865
Test: See main change in topic
Change-Id: I1e4a770670bb1274fa6a23cd0641f2554d4679f7
incident report contains similar data as in a bugreport, but in proto
format.
Test: adb shell incident -p LOCAL 1000
Bug: 152173578
Change-Id: Iee53a3b8a6c95629a1d5c15b4d17f3d680b14178
Together with aosp/1282157 this change allows the service to
create trace files in the /data/misc/perfetto-traces folder.
Before this change they needed to be created by the perfetto
cmdline client and pass the FD.
This doesn't work for host tools like Android GPU Inspector
(https://gpuinspector.dev/) which talk to the UNIX socket
over adb forward and cannot pass a FD from the host.
Bug: 153519149
Test: manual: adb shell perfetto --txt -c -
buffers { size_kb: 65536 }
data_sources {
config {
name: "linux.ftrace"
ftrace_config { ftrace_events: "sched_switch" }
}
}
duration_ms: 5000
write_into_file: true
output_path: "/data/misc/perfetto-traces/ttt"
Change-Id: I184329805741654983843e6a29c1fac19a836f59
Bug: 150761030
Test: setting to 1 in device/google/cuttlefish/shared/device.mk
causes "default-key: Not enough arguments" as expected.
Change-Id: I73262efff0be15f0295d23168049ed9e3721a7f7
blank_screen can not find and use the lights HAL if it cannot use the servicemanager. This
broke turning off the display during shutdown.
Change-Id: I6aff1cb71f805637abc79493ba2574143c5cf7cf
Test: adb root; adb shell setenforce 1; adb shell setprop ctl.start blank_screen
Test: adb logcat -b all | grep 'denied'
Bug: 151363454
There is no change in behavior. These denials were already
being blocked.
Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
