Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).
The implementation is Rust so no fuzzer is required.
I've put this behind the flag on general principle.
Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
Revert submission 2929484-fix-b-321651892-ihaladapter
Reason for revert: possible cause of b/323385784
Reverted changes: /q/submissionid:2929484-fix-b-321651892-ihaladapter
Change-Id: I9664f8f9dd6eec159be7fbf3b148a12d44cef582
This service is used by the audio server for translating
between legacy string KV pairs and AIDL vendor parameters.
It resides on the system_ext partition.
Since it has to be implemented by every SoC vendor, provide
an example implementation. This example service is added
to CF and GSI system_ext. Vendors can use their own names
and policy labels, the only thing that the audio server
depends on is the AIDL interface.
There is no fuzzer for this service because the example
implementation only contains trivial code (interface
methods are stubbed out).
Bug: 321651892
Test: atest audiorouting_tests
Change-Id: I8ab922660a30ffd44772987204ac4a28c1007c66
Being a system_api_service prevents non-privileged apps from getting a reference to WearableSensingManager via Context#getSystemService (it returns null). CTS tests are run as non-privileged apps, so we need this change to properly test the API.
The API methods are protected by a signature|privileged permission. CTS tests can gain this permission by adopting the Shell's permission identity, but it can't get around the SELinux policy.
wearable_sensing_service is mostly modelled after ambient_context_service, which is an app_api_service, so we believe this change is fine from a security's perspective.
Test: A CTS test can get a WearableSensingManager via Context#getSystemService after this change.
Change-Id: I9d854353f48ff7b3fa5a07527bee0bcc83cb6236
vfio_handler will be active only if device assignment feature is turned
on.
Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
API changes are in ag/20407841. Please note we're still going through
security reviews here: b/249996246 and will incorporate feedback as we
go through the process. These selinux policies will enable the
WearableSensingService to run and unblock upstream development work.
Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 249135378, 244181656
Ignore-AOSP-First: to prevent new feature leak.
Change-Id: I597827766cc3ed68ae65fb177f518eaf874f1eda
The background_install_control service is going to detect
background installed apps and provide the list of such apps.
Bug: 244216300
Test: manual
Change-Id: I6500f29ee063da4a3bc18e109260de419dd39218
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.
Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
Context about this is on ag/16302285
Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 192476579
Change-Id: If5ba2fa41975acf91c0002a0f301da11eaebd6d2
Bug: 197684182
Test: Manually verified that BinaryTransparencyService is correctly
started and running.
Change-Id: I4eaf5698dd2edb428205afcd57c22502d56d2ec2
The logd binder service is on logd side.
The logcat binder service is on system_server side.
These two binder services facilitate the binder RPC
between logd and system_server.
Bug: 197901557
Test: manual
Change-Id: I5f08bbb44a88dc72302331ab11c7d54f94db16ac
Note: the service was renamed following ApiLint.kt suggestions.
Ignore-AOSP-First: tied to launch of new upcoming hardware.
Test: atest CtsAppTestCases:CommunalManagerTest
Bug: 206054365
Change-Id: Ieca5eba540e77af09d6a1cfe03cc29a988503b5b
They are served by the same process but have different clients:
- the main interface is exposed to system server;
- the internal interface is called by odrefresh when spawned by composd.
Test: compos_cmd forced-compile-test
Bug: 199147668
Change-Id: Ie1561b7700cf633d7d5c8df68ff58797a8d8bced
This is to make the SafetyCenterManager usable in CTS tests.
Test: SafetyCenterManager CTS test in ag/16284943
Bug: 203098016
Change-Id: I28a42da32f1f7f93c45294c7e984e6d1fd2cdd8d
Context about this is on ag/16182563.
Test: Ensure no build failures, ensure no SecurityException on boot when
SafetyCenterService is added as boot phase
Bug: 203098016
Change-Id: I4c20980301a3d0f53e6d8cba0b56ae0992833c30
This is the selinux changes required to create
StatsBootstrapAtomService, a lightweight proxy service in system server
to allow processes in the bootstrap namespace to log atoms to statsd.
Test: statsbootstrap is successfully published
Bug: 204889815
Change-Id: I5e44f7a65b98b8eebd8da6d35ae6094ce5e177f2
Ignore-AOSP-First: tied to launch of new upcoming hardware
Test: locally on device
Bug: 191994709
Bug: 191996331
Bug: 200324021
Change-Id: I2c1072c720658159a50905d20ca02a13e1b1c128
Add what we need to allow composd to run and expose an AIDL service.
Also delete the policy for compsvc; we never access it in the host
now, and the real policy is in microdroid. Retain the compos_exec
type, since it is referenced in the APEX sepolicy.
Bug: 186126194
Test: adb shell cmd -w android.system.composd; no denials.
Change-Id: I5f06b2b01852cdebd2d67009b363ec08b17ce33a
Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.
Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
This does not yet list all the required capabilities for profcollectd,
but it at least allows the service to start under permissive mode.
Bug: 79161490
Test: start profcollectd
Change-Id: I92c6192fa9b31840b2aba26f83a6dc9f9e835030
Refactor to split the logic within statscompanion_service
The goal of the refactor is to simplify the binder calls to statsd
This service will talk to statsd.
At the end of the refactor, this service should be the only
service that talks to statsd.
Bug: 146074223
Test: Manual by creating the service with empty implementation
Change-Id: Ib9c2e10ec195d41062f1001e5a82b374696de939
This service is requested by AOSP framework, but there is no context for
it defined.
Bug: 136023468
Test: N/A
Change-Id: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
Merged-In: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
(cherry picked from commit 67cb30fabf)
