This is needed for the transcoding service to callback to the
client through ITranscodingClientCallback interface.
Bug: 145628554
Test: atest MediaTranscodeManagerTest
Change-Id: I239259ed702fa01c235f57e0a96e887472365834
Steps taken to produce the mapping files:
1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.
Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.
Following types are removed.
boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop
Following type is renamed.
wificond_service -> wifinl80211_service
Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
This is unused currently & there are no concrete plans to use it
in the future.
Bug: 130080335
Test: Device boots up & connects to networks.
Test: Will send for regression tests
Change-Id: I785389bc2c934c8792c8f631362d6aa0298007af
Merged-In: I785389bc2c934c8792c8f631362d6aa0298007af
(cherry picked from commit 56dfc06397)
Lmkd should implement reinit functionality and to do so it needs to
communicate with its running instance using socket.
Bug: 155149944
Test: lmkd --reinit
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0
This is on the system partition and thus must be system_file_type:
neverallow check failed at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:7703 from system/sepolicy/public/domain.te:950
(neverallow coredomain base_typeattr_272 (file (entrypoint)))
<root>
allow at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:16250
(allow asan_extract asan_extract_exec (file (read getattr map execute open entrypoint)))
Bug: 155905226
Test: build without above neverallow error
Change-Id: I6987582fcc013c95efe7e6758d96ec089168ea9d
Enforce for priv-apps with targetSdkVersion>=31.
This is the same restriction enforced on third party apps with
targetSdkVersion>=28 in Android 9.0. See:
https://developer.android.com/about/versions/pie/android-9.0-changes-28#per-app-selinux
This change allows selinux to better enforce the application sandbox
providing better defense-in-depth for priv-apps.
In particular it prevents apps running in the priv_app domain
from sharing their private data directory by granting
world-accessible unix permissions.
Bug: 142672293
Test: Build, boot, check for denials.
Change-Id: If2953eb990fdc24aaccf29be3394a9ee1f02185c
