An example app in this domain is com.android.settings.
This was an accidental omission from https://r.android.com/1966610.
Context and rationale remain the same as for that patch, please see the
bug.
Tested: both traced_perf and heapprofd successfully profiled the
settings app with the right additional profileability permissions on a
user build (beta candidate).
Bug: 217368496
Change-Id: Id8a9e16dab7774f8840cdd6b74d59f70584b5156
These properties are used to inform keystore2 and the RemoteProvisioner
app how they should behave in the system in the event that RKP keys are
exhausted. The usual behavior in a hybrid system is not to take any
action and fallback to the factory provisioned key if key attestation is
requested and no remotely provisioned keys are available.
However, there are instances where this could happen on a device that
was intended to be RKP only, in which case the system needs to know that
it should go ahead and attempt to remotely provision new certificates or
throw an error in the case where none are available.
Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
Relevant error logs show up when dumpstate do lsof using su identity:
RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT);
This is an intended behavior and the log is useless for debugging so I
suppress them.
Bug: 226717429
Test: do bugreport with relevant error gone.
Change-Id: Ide03315c1189ae2cbfe919566e6b97341c5991bb
Thermal Service access needs to be provided to Sdk Sandbox
for Webview to record battery related metrics. We also
provide isolated process access to the file directory for sandbox
so that the renderer process can access it.
Bug: b/226558510
Test: Manual
Change-Id: I1ac14d4df7ab53e567a27086d0418ec612a7686f
wpa_supplicant needs permission to access the Netlink Interceptor HAL.
Bug: 224844967
Test: Modified version of wpa_supplicant can access Netlink Interceptor
Change-Id: I80c6c980b6655beadfaf14535702ad8e96c2befe
commit 7fd8933f0c removed this from host
sepolicy. It's redundant here as well.
Bug: 223596375
Test: Builds
Change-Id: I39d7432c6e31f49de5eb8dca8acc7e9c5d190617
This adds the two top interfaces: IConfig and IModule
to service context, allows the HAL service to call
Binder, and registers the example implementation
service executable.
Bug: 205884982
Test: m
Change-Id: I322e813c96123167ea29b6c25a08ec9677c9b4d1
This isn't really used at the moment, but since the decision was to keep
the capability for future ART change, we should also allow it in CompOS
for consistency.
While I'm on in, rearrange the policy to group mirrored policies
together.
Bug: 209488862
Test: None
Change-Id: Id6afafc42005e711127a1e0831d4dd03e48959eb
This system property is going to be used by vold and MediaProvider to
enable/disable the FUSE-BPF feature in dogfood.
This is a simple way to quickly turn the feature off is breakages are
detected.
Bug: 202785178
Test: adb logcat | grep "FuseDaemon" | grep BPF
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I65ae60b6a505db52b30232b9e5a504eccaafa1eb
This change adds selinux policies to allow EVS HAL implementations to
use cardisplayproxyd, which implements a stable AIDL version of the
automotive display proxy service interface.
Bug: 170401743
Bug: 217271351
Test: Manually confirm that evs_app renders the camera preview through
cardisplayproxyd
Change-Id: Ia301b782c6c031fe8351bdcda5ce264da6b8aa4d
Relevant error logs show up when dumpstate do lsof using su identity:
RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT);
This is an intended behavior and the log is useless for debugging so I
suppress them.
Bug: 225767289
Test: do bugreport with no su related avc errors
Change-Id: I0f322cfc8a461da9ffb17f7493c6bbdc58cce7b6
Init will try restorecon /dev/console, together with /dev, at the second
stage boot.
Bug: 193118220
Test: atest MicrodroidHostTestCases
Change-Id: Ie9796368b54bb0773eabf5ff6feb2b4aa41d0bfa
