We've got a SELinux warning in kernel-5.10 when "File Transfer" (MTP)
has been enabled by user.
Error log:
avc: denied { ioctl } for pid=5521 comm="MtpServer" path="/dev/usb-ffs/mtp/ep1" dev="functionfs" ino=102677 ioctlcmd=0x67e7 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=0
Repeat steps:
1. Connect the phone to PC with USB cable.
2. Select "File Transfer" (MTP) in "USB Preferences" Menu.
3. Selinux warning will arise after "File Transfer" has been enabled by user
due to an IOCTL access to /dev/usb-ffs/mtp/ep1.
Solution:
To solve this warning, add a sepolicy to allow this type of IOCTL is required.
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Change-Id: Id340fb98062b3cee239343f3800f6dfceadeb572
Bug: 193473440
We ended up with 4 labels for specific APEX files that were all
identical; I've replaced them with a single one
(apex_system_server_data_file).
Additionally I created an attribute to be applied to a "standard" APEX
module data file type that establishes the basics (it can be managed
by vold_prepare_subdirs and apexd), to make it easier to add new such
types - which I'm about to do.
Fix: 189415223
Test: Presubmits
Change-Id: I4406f6680aa8aa0e38afddb2f3ba75f8bfbb8c3c
... to connect to the programs running in the guest VM
Bug: 192904048
Test: atest MicrodroidHostTestCases
Change-Id: Iccb48c14ace11cc940bb9ab1e07cc4926182e06e
This change stops using deprecated functionality and migrates this
repository's custom Soong code to support current practices to manage
path property related dependencies. i.e. when a property includes
something that looks like ":module".
ExtractSourcesDeps has been deprecated in favor of tagging properties
with `android:"path"` which will cause the pathDepsMutator to add the
dependencies automatically.
android.SourceDepTag has been deprecated as the underlying type needs
to be changed and this will no longer work for its current uses.
* ctx.GetDirectDepWithTag(moduleName, android.SourceDepTag) will not
work to retrieve a reference to the module dependency added for
path properties. GetModuleFromPathDep(ctx, moduleName, "") must be
used instead.
* depTag == android.SourceDepTag can no longer be used to check to
see if depTag was used to add a module dependency for a module
reference in a path property without any output tag.
IsSourceDepTagWithOutputTag(depTag, "") must be used instead.
Bug: 193228441
Test: m nothing
Change-Id: I307039612f0f2a541ac7dbfddd052ef78c290f60
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
This is necessary to run tests or run VMs manually with SELinux
enforcement enabled.
Bug: 192256642
Test: atest VirtualizationTestCases
Change-Id: I03b12fefa4e79644bd2f3410cc255f923834aca4
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.
Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: manually configure JIT zygote and run
atest \
CtsExternalServiceTestCases:\
android.externalservice.cts.ExternalServiceTest\
#testBindExternalServiceWithZygote
Change-Id: I401808c984edd4e3e4ef335f6a75cecc5cf69eca
As part of PhotoPicker, we will be playing the video. To allow video
playback, allow AudioServer `find` access for mediaprovider_app.
Bug: 169737802
Test: Verified that video playback works in PhotoPicker
Change-Id: Ie5acb77b2f446ee8af6cf384fd5a66bf64a15752
These have never been used in AOSP. Looking at ~10,000 Android
build images confirms that these are not used elsewhere within
the Android ecosystem.
Bug: 192532348
Test: build (failures here would be at build-time)
Change-Id: I787b14b531df31fbb9995156eb2e84719b7c90da
So simpleperf can profile these apps when they are marked to be
profileable/debuggable.
Bug: 192404394
Test: build and run simpleperf to profile com.android.systemui.
Change-Id: Ia2defe725a8fafbcb6c2d20e771b343d8822ccbc
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
In ApexTestCases, a temp file in /data/local/tmp is used via a loop
device, which requires the kernel to read it.
This is only allowed in userdebug/eng.
Bug: 192259606
Test: ApexTestCases
Change-Id: Ic7d3e67a8a3e818b43b7caead9053d82cbcbccf7
Before otapreopt_script was indirectly interacting with otadexopt binder
service via `shell cmd otadexopt` interface, but now the interaction is
moved to otapreopt_chroot binary to reduce amount of times we need to
run this binary.
For more context see: aosp/1750143.
Test: m
Bug: 190223331
Change-Id: Ib32cbbbf8f3bd9b5c1b696e39f776631ae60d712
Enforce new requirements on app with targetSdkVersion=32 including:
- No RTM_GETNEIGH on netlink route sockets.
- No RTM_GETNEIGHTBL on netlink route sockets.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest bionic-unit-tests-static
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Change-Id: I32ebb407b8dde1c872f53a1bc3c1ec20b9a5cb49
