Grant access to odsign to read & delete pending key files. Eventually
we will grant the CompOS daemon write access.
Bug: 190166662
Test: Via odsign; no denials seen.
Change-Id: I6d3c3e5b2aec8ef65bd28cbb274d18263534ce66
We ended up with 4 labels for specific APEX files that were all
identical; I've replaced them with a single one
(apex_system_server_data_file).
Additionally I created an attribute to be applied to a "standard" APEX
module data file type that establishes the basics (it can be managed
by vold_prepare_subdirs and apexd), to make it easier to add new such
types - which I'm about to do.
Fix: 189415223
Test: Presubmits
Change-Id: I4406f6680aa8aa0e38afddb2f3ba75f8bfbb8c3c
... to connect to the programs running in the guest VM
Bug: 192904048
Test: atest MicrodroidHostTestCases
Change-Id: Iccb48c14ace11cc940bb9ab1e07cc4926182e06e
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
This is necessary to run tests or run VMs manually with SELinux
enforcement enabled.
Bug: 192256642
Test: atest VirtualizationTestCases
Change-Id: I03b12fefa4e79644bd2f3410cc255f923834aca4
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.
Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: manually configure JIT zygote and run
atest \
CtsExternalServiceTestCases:\
android.externalservice.cts.ExternalServiceTest\
#testBindExternalServiceWithZygote
Change-Id: I401808c984edd4e3e4ef335f6a75cecc5cf69eca
As part of PhotoPicker, we will be playing the video. To allow video
playback, allow AudioServer `find` access for mediaprovider_app.
Bug: 169737802
Test: Verified that video playback works in PhotoPicker
Change-Id: Ie5acb77b2f446ee8af6cf384fd5a66bf64a15752
These have never been used in AOSP. Looking at ~10,000 Android
build images confirms that these are not used elsewhere within
the Android ecosystem.
Bug: 192532348
Test: build (failures here would be at build-time)
Change-Id: I787b14b531df31fbb9995156eb2e84719b7c90da
So simpleperf can profile these apps when they are marked to be
profileable/debuggable.
Bug: 192404394
Test: build and run simpleperf to profile com.android.systemui.
Change-Id: Ia2defe725a8fafbcb6c2d20e771b343d8822ccbc
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
In ApexTestCases, a temp file in /data/local/tmp is used via a loop
device, which requires the kernel to read it.
This is only allowed in userdebug/eng.
Bug: 192259606
Test: ApexTestCases
Change-Id: Ic7d3e67a8a3e818b43b7caead9053d82cbcbccf7
Before otapreopt_script was indirectly interacting with otadexopt binder
service via `shell cmd otadexopt` interface, but now the interaction is
moved to otapreopt_chroot binary to reduce amount of times we need to
run this binary.
For more context see: aosp/1750143.
Test: m
Bug: 190223331
Change-Id: Ib32cbbbf8f3bd9b5c1b696e39f776631ae60d712
Enforce new requirements on app with targetSdkVersion=32 including:
- No RTM_GETNEIGH on netlink route sockets.
- No RTM_GETNEIGHTBL on netlink route sockets.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest bionic-unit-tests-static
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Change-Id: I32ebb407b8dde1c872f53a1bc3c1ec20b9a5cb49
