This is needed to check for the presence of certain bits, like,
snapshots, a scratch partition, or a DSU installation, as well as to
create status files (which libfiemap uses to track state).
Bug: 134949511
Test: adb remount; fastboot flash system
Change-Id: I50c10647a5793e4c0f35c3dd32de0bc036921914
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.
Bug: 142672293
Test: TH
Change-Id: I554e0cb00a53fd254c450c20e6c632e58472c3c8
In order for system_server to report ION allocations in dumpsys meminfo
report it needs access to ION sysfs nodes.
Bug: 138148041
Test: dumpsys meminfo
Change-Id: I8b1efebe8f4b06a3975e96ddd6a8cbcacdb52fb2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Also allow binder service "incremental_service" to be found by service
manager.
Test: boots
BUG: 136132412
Change-Id: I3584a9b69a7e1909f096e3c4579c1834bdfba22e
Refactor to split the logic within statscompanion_service
The goal of the refactor is to simplify the binder calls to statsd
This service will talk to statsd.
At the end of the refactor, this service should be the only
service that talks to statsd.
Bug: 146074223
Test: Manual by creating the service with empty implementation
Change-Id: Ib9c2e10ec195d41062f1001e5a82b374696de939
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.
Bug: 142672293
Test: TH
Change-Id: I57f887e96d721ca69a7228df0a75515596776778
Mark tethering_service as app_api_service to allow applications to find
tethering service. Apps should able to use tethering service to
know tethering state if they have ACCESS_NETWORK_STATE permission, but
they may need privileged permission if they want to change tethering.
Bug: 144320246
Test: -build, flash, boot
-ON/OFF hotspot
Change-Id: Ie414618766144c4a4ad89c5cf03398a472638e71
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.
These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.
Bug: 145267097
Test: build
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
As suggested by nnk@, I have moved the definition for usb_serial_device
to system/sepolicy/public/device.te from
/system/sepolicy/public/hal_can.te.
See suggestion in aosp/1166865
Test: Manually bring up SLCAN device on test hardware with this change
in place
Change-Id: I0a11556a7eae0be2c9e4b090b051969566c2343e
Looking at go/sedenials, we have learnt a lot of other priv-apps rely on
this permission. The auditallow has served its purpose and can now be
removed.
Bug: 142672293
Test: Treehugger
Change-Id: Iba81773b223d2bddbd32a0594c5aa01829252847
From go/sedenials, we see that com.android.vending needs this
permission. The auditallow was in place to see if any priv-apps other
than GMS core need this, and now we know.
Bug: 142672293
Test: Treehugger
Change-Id: Iad6caeb648bc23e85571b758a35649924cdeec69
Zygote/Installd now can do the following operations in app data directory:
- Mount on it
- Create directories in it
- Mount directory for each app data, and get/set attributes
Bug: 143937733
Test: No denials at boot
Test: No denials seen when creating mounts
Change-Id: I6e852a5f5182f1abcb3136a3b23ccea69c3328db
Due to Factory OTA client install in product partition but it also declare coredomian in
its sepolicy setting. That will let Factory OTA unable to find a property type could write system property.
But now Factory OTA have a restore NFC wake function need to write system property for communicate with bootloader.
So we need to create a new property type in system framework which could allow Factory OTA client to write system property.
Bug: 145178094
Test: Manual
Change-Id: Ic549cc939893ec67a46bf28a23ebeb9f9b81bd0b
Add a filegroup for telephony so that it can be shared between the main
telephony apex and the one used for testing.
Bug: 145232009
Test: atest telephony_e2e_tests
Change-Id: I5e20d7b7fc30d2c28de8f339c7b4722e1e438e17
This denial is generally a sign that apps are attempting to access
encrypted storage before the ACTION_USER_UNLOCKED intent is delivered.
Suppress this denial to prevent logspam.
While gmscore_app is running in permissive mode, there might be other
denials for related actions (that won't show up in enforcing mode after
the first action is denied). This change adds a bug_map entry to track
those denials and prevent presubmit flakes.
Bug: 142672293
Test: Happy builds
Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb
* changes:
Allow audio_server to access soundtrigger_middleware service
Allow soundtrigger_middleware system service
Allow system service to access audio HAL (for soundtrigger)
Allow tethering service which is running in the same process as network
stack service "find" network stack service. Original design is passing
network_stack binder to tethering service directly when tethering
service is created. To allow creating tethering service and network
stack service in parallel. Let tethering service query network_stack
binder instead.
Bug: 144320246
Test: boot, flash, build
OFF/ON hotspot
Change-Id: Ife0c2f4bdb2cfee4b5788d63d1cfc76af0ccc33c
This is needed to debug native crashes within the gmscore app.
Now that GMS core is running in gmscore_app and not in the priv_app
domain, we need this rule for the new domain. This also adds an
auditallow to the same rule for priv_app, so we can delete it once no
logs show up in go/sedenials for this rule triggerring.
Bug: 142672293
Test: TH
Change-Id: I7d28bb5df1a876d0092758aff321e62fa2979694
Now that GMS core is running in gmscore_app and not priv_app, we need
this rule for the new domain. This also adds an auditallow to the same
rule for priv_app, so we can delete it once no logs show up in
go/sedenials for this rule triggerring.
Bug: 142672293
Test: TH
Change-Id: I308d40835156e0c19dd5074f69584ebf1c72ad58
Public-readable int sysprops for the extension versions
will be in this bucket, e.g. ro.build.version.extensions.r
Bug: 137191822
Bug: 143937447
Test: boot and getprop ro.build.version.extensions.r
Change-Id: I200165d8903221b2d5b824e4eea77ef933919b74
