This property type represents properties used in CTS tests of userspace
reboot. For example, test.userspace_reboot.requested property which is
used to check that userspace reboot was successful and didn't result in
full reboot, e.g.:
* before test setprop test.userspace_reboot.requested 1
* adb reboot userspace
* wait for boot to complete
* verify that value of test.userspace_reboot.requested is still 1
Test: adb shell setprop test.userspace_reboot.requested 1
Bug: 150901232
Change-Id: I45d187f386149cec08318ea8545ab864b5810ca8

For system prop flags from DeviceConfig namespace "Configuration".
Test: Build and run on local device
Bug: 149420506
Change-Id: If4196b4bf231e7c52f98b92cc0031a08dad06120
Merged-In: If4196b4bf231e7c52f98b92cc0031a08dad06120

This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.
Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0
Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
(cherry picked from commit 52a96cc7dd)

This change updates sepolicies for automotive display service to make it
available to the vendor processes.
Bug: 149017572
Test: m -j selinux_policy
Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b
Signed-off-by: Changyeon Jo <changyeon@google.com>
(cherry picked from commit 17b38d526d)

* allow shell to enable/disable the daemon via a sysprop
* don't audit signals, as some denials are expected
* exclude zygote from the profileable set of targets on debug builds.
I've not caught any crashes in practice, but believe there's a
possibility that the zygote forks while holding a non-whitelisted fd
due to the signal handler.
Bug: 144281346
Merged-In: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
Change-Id: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
(cherry picked from commit 008465e5ec)

This fixes a bug introduced in aosp/1143430 where the permission
should have been included for the newly introduced
ashmem_libcutils_device type.
Test: Build
Fixes: 150193534
Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38
(cherry picked from commit 789ebf03ba)

This is to allow adding the Tuner Resource Manager as a system service
Test: cuttlefish
Bug: 147380513
Change-Id: I3f61f2542c7fd934bb69dde08079f830196e2344
(cherry picked from commit 3791549dc4)

This is driven by 3 things:
- netd no longer needs setattr, since this is now done by bpfloader
- nothing should ever unpin maps or programs
- generic cleanups and additional neverallows
Test: build, atest
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I881cc8bf9fe062aaff709727406c5a51fc363c8e
Merged-In: I881cc8bf9fe062aaff709727406c5a51fc363c8e

service.adb.tls.port contains the adbd tcp port running the TLS server.
persist.sys.adb.wifi tells adbd when to enable the TLS server.
Bug: 149348431
Bug: 111434128
Test: Enable wireless debugging, check if TLS port information is
displayed in the Developer options > Wireless debugging.
Change-Id: I5b5c5a3d064bc003f41386ede9051609fefec53e

The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60

It needs to be able to see supported filesystems to handle external
storage correctly.
Bug: 146419093
Test: no denials
Change-Id: Ie1e0313c73c02a73558d07ccb70de02bfe8c231e

This is renamed to ro.organization_owned to cover the extended
usage now that there is a new management mode for fully-managed
organization owned devices: organization-owned managed profile.
A device is considered fully-managed if there is a device owner
or an organization-owned managed profile.
Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingEnabledLogged
Change-Id: Ic3288fe343d3b51c59f08678e114fe9a81cb39a4

To let the end user enable/disable the verbose vendor logging,
a developer option is added into the Settings app which needs to
directly interact with Dumpstate HAL. In the future, the
same function may be added into SystemUI, e.g. as a
QuickSettings tile.
To allow both Settings app and system.ui, system_app is
the best candidate for the sepolicy change.
Bug: 148822215
Test: make && make RunSettingsRoboTests
Change-Id: Ic6ef497505719e07cc37518b78c9dc146cda2d2c