An example app in this domain is com.android.settings.
This was an accidental omission from https://r.android.com/1966610.
Context and rationale remain the same as for that patch, please see the
bug.
Tested: both traced_perf and heapprofd successfully profiled the
settings app with the right additional profileability permissions on a
user build (beta candidate).
Bug: 217368496
Change-Id: Id8a9e16dab7774f8840cdd6b74d59f70584b5156
These properties are used to inform keystore2 and the RemoteProvisioner
app how they should behave in the system in the event that RKP keys are
exhausted. The usual behavior in a hybrid system is not to take any
action and fallback to the factory provisioned key if key attestation is
requested and no remotely provisioned keys are available.
However, there are instances where this could happen on a device that
was intended to be RKP only, in which case the system needs to know that
it should go ahead and attempt to remotely provision new certificates or
throw an error in the case where none are available.
Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
Thermal Service access needs to be provided to Sdk Sandbox
for Webview to record battery related metrics. We also
provide isolated process access to the file directory for sandbox
so that the renderer process can access it.
Bug: b/226558510
Test: Manual
Change-Id: I1ac14d4df7ab53e567a27086d0418ec612a7686f
This adds the two top interfaces: IConfig and IModule
to service context, allows the HAL service to call
Binder, and registers the example implementation
service executable.
Bug: 205884982
Test: m
Change-Id: I322e813c96123167ea29b6c25a08ec9677c9b4d1
This system property is going to be used by vold and MediaProvider to
enable/disable the FUSE-BPF feature in dogfood.
This is a simple way to quickly turn the feature off is breakages are
detected.
Bug: 202785178
Test: adb logcat | grep "FuseDaemon" | grep BPF
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I65ae60b6a505db52b30232b9e5a504eccaafa1eb
Like zygote, webview_zygote, add userfaultfd policy for app_zygote as
well.
Bug: 160737021
Test: manual (use userfaultfd in an app-zygote)
Change-Id: I42f558c5b646bb0bd83b81fddfb608567f95c811
The binder driver now advertises the features it supports through
individual files under /dev/binderfs/features/*. Let all domains have
access to these files to determine how to interact with the driver.
Bug: 191910201
Tested: clients are able to read feature files via libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: Ice5de9efee74e571ef0a23ce093af162fc3b276e
Allow crosvm to write a VM failure reason to virtualizationservice via the pipe provided.
Fixes this denial: avc: denied { write } for path="pipe:[95872]"
dev="pipefs" ino=95872 scontext=u:r:crosvm:s0
tcontext=u:r:virtualizationservice:s0 tclass=fifo_file
Bug: 220071963
Test: Run VM, no denial.
Change-Id: I3beedc5e715aa33209d3df0cae05f45f31e79e66
This is intended for wm properties related to wmshell/sysui.
Using this context allows sysui to manipulate these properties
in debug builds.
Bug: 219067621
Test: manual
Change-Id: I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3
This is necessary for vendor code to be able to send trace packets to
Perfetto, which we are doing as part of an effort to provide more
detailed profiling of some vendor code.
Bug: 222684359
Test: (with downstream policy updates) m selinux_policy
Change-Id: I5ab1c04290f69e391d66a76c262d75cadb794f8d
