system_ext_userdebug_plat_sepolicy.cil is a copy of
userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the
system_ext partition.
The build rule is gated by a BoardConfig variable, so products other
than GSI cannot accidentally install this module.
*Unclean cherry-pick* prebuilts/api/32.0/private/file_contexts is
updated in this change, which is not in the original change.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I43adc6adad5e08dcc8e106d18fdacef962310883
Merged-In: I43adc6adad5e08dcc8e106d18fdacef962310883
(cherry picked from commit 814f3deb94)
Steps taken to produce the mapping files:
1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.
Bug: 189161483
Bug: 207344718
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
Merged-In: I6264b9cf77b80543dfea93157b45b864157e2b14
(cherry picked from commit 4f20ff73ee)
Bug: 185400304
Buh: 201957239
Test: mm
This CL was merged to sc-dev, but reverted due to wrong Merged-In tag.
It resulted in mismatch between sc-dev and other branches like aosp,
internal main, etc. This change needs to reland on sc-dev.
Ignore-AOSP-First: already merged in AOSP; this is a reland
(cherry picked from commit 407b21b3cd)
Change-Id: I66703249de472bc6da16b147a69803ff141c54d3
In virtualized deployments of Android, it can be useful to have
access to a description of the hypervisor/host environment being
used to run the guest OS instance.
This is represented by means of a new system property
ro.boot.hypervisor.version, which is meant to convey a
free-form descriptor of the current host/hypervisor version
The property is meant to be provided to Android as androidboot.
by whatever host-specific means are used to supply other boot
properties to the target Android instance. Access could be later
opened to other vendor processes to set if needed for specific
setups where init is not a sufficiently-early stage for
host/guest communication. Such setups are not known at this time.
For a native Android incantation, the property defaults to
being missing
Other properties could later be added to this same namespace
and context if they turn out to be useful in specific scenarios.
Bug: 178749018
Test: build cuttlefish
Change-Id: Id721c14ef1958b525c2866a660dcae8fd176a79d
Merged-In: Id721c14ef1958b525c2866a660dcae8fd176a79d
Ignore-AOSP-First: confidential feature
Add a property to be read by system_server's AudioService that
indicates whether a spatializer effect is available on the device.
If true, spatialization functionality will be initialized.
Bug: 188502620
Test: adb shell dumpsys audio | grep -A 4 Spatial
Change-Id: I759e2fb32087b6e8e2a578b6ec804fb7c4f1d4f1
Bug: 199739880
Test: m -j selinux_policy and run evs_app
Change-Id: If0df74ad4708b00f213c42516eb404b98873cf4f
Merged-In: If0df74ad4708b00f213c42516eb404b98873cf4f
This is required for getting head-tracking data for Immersive Audio.
Bug: 188502620
Test: log-based verification of sensor data coming through.
Change-Id: I183ce5106401ae7853096e80a8650cc7919e6221
Merged-In: I183ce5106401ae7853096e80a8650cc7919e6221
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
The policy under device folder will be removed for GSI, so move the
policy to common code.
Bug: 196326750
Test: build pass
Change-Id: I9544db1771ba7b94a98913bf892386f95cf919be
Merged-In: I9544db1771ba7b94a98913bf892386f95cf919be
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`
Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
