to get the list of active APEXes.
Bug: 293949266
Bug: 293546778
Test: CtsPackageSettingHostTestCases
Change-Id: I86f58158b97463206fb76a0c31f29b78874f4c35
While searching the policy I came across some ancient TODOs, which can
now be done.
Bug: 186396070
Test: atest MicrodroidTests MicrodroidHostTests
Test: Manually run vm_shell start-microdroid
Change-Id: I21b9f992394b637399cc074dca8339e3167cf5af
These issues pop up on ocassion, and are very hard to diagnose. Since
renderscript is deprecated, we shouldn't be seeing any new problems with
it, but there isn't pressure to fix these issues as renderscript should
go away on it's own eventually.
Fixes: 291211299
Test: Boot, no audit statements.
Change-Id: I9d595520ecabea562b8e9d4b113bb18db101219a
/data/bootanim location is changed to /data/misc/bootanim as a follow up
change to aosp/q/topic:"bootanim_data_folder". The label is updated for the new file location.
Bug: 210757252
Test: /data/misc/bootanim is labeled correctly. BootAnimation can access this folder.
Change-Id: I9a54cf0dba470302df4180fb17fb104fb483b23d
Adds a policy to run the virtual_camera process which:
- registers a service implementing the camera HAL
- registers a service to reveive communicate with virtual cameras via
system_server
Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera
Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
With the introduction of DCLA (/apex/sharedlibs APEX), .so files can be
symlinked into that APEX, so we need to allow reading symlinks to be
able to link the dex2oat binary successfully.
This fixes "CANNOT LINK EXECUTABLE" errors for dex2oat during OTA
preopting.
Test: Apply an OTA manually and check logs for errors
Bug: 291974157
Change-Id: I9eca91c94e8d33fe618783cea262ea3881957620
It will be used to mount bootstrap APEXes. (with bind-mount to /apex)
Bug: 290148078
Test: atest VendorApexHostTestCases
Change-Id: I1a82af37db368a0eb2bf3a002a47439fb1f8b61d
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate
Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.
Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.
For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched. It turns out to actually
be needed for a bit more than that. We should be able to replace it
with something more precise, but we need to be careful.
Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition as same labels with SP-HAL libraries so it can be loaded from
system processes.
Bug: 291673098
Test: aosp_cf boot succeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.
Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a80da52aa35a942e064c19fd31c01145d965688)
Merged-In: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
Give lpdump read (but not write) access to /metadata/ota so it can call
SnapshotManager::Dump for diagnostics.
Bug: 291083311
Test: lpdump
Change-Id: I732bcebcd809449c86254ea23785dc2c692bedd5
The first serial device of the VM can be made bi-directional. When it is
used as an output device, it's via /dev/kmsg. microdroid_payload already
has a write access to it. When it is used as an input device, it's via
/dev/console. Grant microdroid_payload read access to the device.
Bug: 263360203
Test: atest MicrodroidTestApp:com.android.microdroid.test.MicrodroidTests#testConsoleInputSupported
Change-Id: Ief039d06ffbddee1e254d662a6c1f321a607d5f5
On 32 bit gsi img, when the webview launch, system will crash, due to
system_server not have the selinux permission of cgroup dir create.
Only 32 bit gsi img has this issue, 64 bit not have.
Bug: 288190486
Test: flash 32-bit GSI image and boot to check whether webview crash
Change-Id: I60fe69087ddbf97b5ebba62bf151626f9422c43c
Test: Manually validated that GmsCore can access the properties, but not a test app.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
(cherry picked from commit c97b3a244f)
The enable_rkpd property is no longer needed. This change removes the
vestigial property.
Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
