ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy
tuner HAL is enabled.
tuner.server.enable: system_internal_prop to decide whether tuner server
should be enabled.
Bug: 236002754
Test: Check tuner HAL and framework behavior
Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016
Add example implementation services: IFactory under android.hardware.audio.effect.
An audio HAL AIDL example service will register with the default implementations.
Bug: 238913361
Test: m, and flash with Pixel 6a.
Change-Id: Ib331899fd47b6b334b120e20617174d01e71ddb8
/system/bin/kexec in Microdroid is now properly labeled as kexec_exec.
The binary is responsible for loading the crashkernel into memory so
that when a kernel panic occurs the crashkernel is executed to dump the
RAM.
Microdroid_manager executes the kexec binary as part of the boot
process. It does this only when the kernel is booted with a memory
reserved for the crashkernel, which is determined by checking if
`crashkernel=` is included in the cmdline. For this, it is allowed to
read /proc/cmdline.
Bug: 238404545
Test: boot microdroid
Change-Id: Id08ba9610e3849ba811367917df8dfcc1774b561
/proc/meminfo contains useful information about the amount of memory
available to the VM and the payload. Let microdroid_payload domain read
the file.
Test: atest MicrodroidBenchmarks
Change-Id: I22d4888cf84e78ce8ed0803e7ebdeb7fca370e1f
compos has the microdroid_payload attribute, so we don't need to
duplicate rules that apply to that. This .te should only have things
that differentiate compos from other payloads.
Test: Presubmits
Change-Id: Ib5b8c52f9a068a583fc1471ac6cf0e4aef906857
The profilers cannot open files under
/data/misc/apexdata/com.android.art/dalvik-cache because they're not
allowed to search /data/misc/apexdata with the apex_module_data_file
label.
Example denial:
avc: denied { search } for name="apexdata" dev="dm-37" ino=89
scontext=u:r:traced_perf:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir permissive=0
Tested: patched & flashed onto a TM device, then profiled system_server
Bug: 241544593
Change-Id: Ifd8b94a9ebcae09701e95f6cd6a14383209963db
When a kernel panic occurs in a debug-enabled VM, a crashdump is created
in the VM and then it is flushed to the per-VM host-side file
/data/misc/virtualizationservice/<cid>/ramdump. Virtualizationservice
then opens the file and sends the FD to the owning client. This change
allows the client to read the ramdump via the FD.
A client accessing ramdump of other VM is prohibited since opening the
ramdump file is not allowed for the client; only virtualizationservice
can do it. Furthermore, ramdumping will be enabled only for the
debuggable VMs, which means reading it doesn't actually reveal any
(true) secret.
Bug: 238278104
Test: do the ramdump
Change-Id: I50e1fa83b99e8f24c849e278710b38f6ff9a25be
srcs/android/sysprop/MemoryProperties.sysprop
This property is populated by property service from the kernel
command line parameter androidboot.ddr_size=XXXX. Vendors can set
this command line option from the bootloader.
Bug: 231718727
Test: n/a
Change-Id: I3fb8a18125081b1a30dee715831f5701964cb375
fastboot will read this prop to check if io uring is supported. Add
proper sepolicy.
Test: th
Bug: 31712568
Change-Id: I8990d8a31748534d4444a2ef25b58d629651dac7
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.
Test: android.security.SELinuxTargetSdkTest
Bug: 193912100
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
The fuse supports file contexts. Microdroid_manager no longer needs the
access to the fuse label.
Bug: 188400186
Test: run microdroid test
Change-Id: I9a17a96c6d07a466e1fa01d65279e467a874da3f
This service has valid use cases such as video players and should therefore not be audited.
Change-Id: I3a0cffb34429320a412a7c05220376c0b58e28a3
Test: make
Bug: 211632068
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native boot experiments.
Bug: 241730607
Test: Build
Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036
Change-Id: I3e98f1b05058245cad345061d801ecd8de623109
This is a roll-forward of some of the changes rolled back in
aosp/2170746. I am rolling forward in smaller chunks so that it is
easier to identify and avoid possible breakages.
Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: Ibe451325d471fe04cd52683ba90a22543fa84c7c