Otherwise, we will encounter SELinux denials like:
W binder:6200_7: type=1400 audit(0.0:327): avc: denied { read } for name="PrebuiltGmsCoreNext_DynamiteLoader.apk" dev="dm-51" ino=2576 scontext=u:r:artd:s0 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=lnk_file permissive=0
Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iccb97b1973f8efbe859b59e729f7a0194d05ba5e
Parts of its memory map are donated to guest VMs, which crashes the
kernel when it tries to touch them.
Ideally we would fix crash_dump to skip over such memory, but in
the meantime this would avoid the kernel crash.
Bug: 236672526
Bug: 238324526
Bug: 260707149
Test: Builds
Change-Id: I6c1eb2d49263ccc391101c588e2a3e87c3f17301
In AIDL, there is no 'factory' interface for retrieving
modules, instead each module is registered individually
with the ServiceManager.
Bug: 205884982
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I55cdae0640171379cda33de1534a8dc887583197
is_running flag signals to tests whether fuse-bpf is running
Test: Builds, runs, ro.fuse.bpf.is_running is correct, fuse-bpf works
Bug: 202785178
Change-Id: I0b02e20ab8eb340733de1138889c8f618f7a17fa
I need SIOCGIFFLAGS and SIOCSIFFLAGS in order to bring up/down
interfaces with AIDL CAN HAL.
Bug: 260592449
Test: CAN HAL can bring up interfaces
Change-Id: I67edaa857cffdf3c3fc9f3b17aad5879e09c6385
Otherwise, we will get SELinux denials like:
W binder:6098_5: type=1400 audit(0.0:138): avc: denied { search } for name="framework" dev="dm-6" ino=478 scontext=u:r:artd:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir permissive=0
Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Ic31fdabb16341c51466531c88ca040698331b248
Google is added to the package names to differentiate the Google
specific modules from AOSP modules. This causes RKPD Google module to
not get proper permissions since we permit only AOSP module currently.
Test: Tested on Pixel 7 device
Change-Id: Ia7c39ef85cedf20f705c27a5944b6f87f786cc1b
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap
ISap is no longer going to be with IRadioSim in the sim
directory. It will be in its own sap directory.
Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
Create a label for the encrypted storage. encryptedstore_file & _fs
corresponding to the file & fs type.
encryptedstore process mounts the device on /mnt/encryptedstore with
fscontext & context.
microdroid_payload will have rw & related permissions on it. Also, add a
neverallow rule to deny execute permission on all domains.
encryptedstore needs relabel permission from tmpfs to
encryptedstore_file, along with mount like permissions on the later.
Bug: 261477008
Test: atest MicrodroidTests#encryptedStorageAvailable
Change-Id: Iffa1eb400f90874169d26fc2becb1dda9a1269a9
Nothing in Microdroid uses tcp/udp/rawip sockets. Removing netdomain
attribute for the capability. Note that some processes can use
networking via vsock.
Bug: N/A
Test: watch TH
Change-Id: Id10861d0520770578503dd93b0c72c3d6be993e8
