Clients of virtualization service use these properties to
determine whether normal and protected VMs are supported and tailor
their VM requests accordingly.
Bug: 217687661
Test: adb unroot; adb shell getprop | grep ro.boot.hypervisor
Change-Id: Ia1c017c2346217dbc45973cbfb5adbecabedf050
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used to services such as credstore to lookup remotely
provisioned keys.
Add a new service context and include it in the keystore services.
Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.
Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
Bug: 217452259
Test: Manual, set property in system.prop, build, flash, make sure value
is reflected in getprop | grep bluetooth.device
Change-Id: Id4bfebb4da5bcd64ea4bac8e3c9e9754c96256c6
Though libsepol supports it since selinux commit 644c5bbb,
test code couldn't handle whitespace in file name in policy
database.
Solved by splitting string once from left and then once
from right to avoid split of whitespace in file name.
Minimal reproducing example:
$ echo '(genfscon sysfs "/s/p a/ce" (USER ROLE TYPE ((SENS) (SENS))))' > s.cil
$ secilc -m -o s.db external/selinux/secilc/test/minimum.cil s.cil
$ searchpolicy --libpath out/host/linux-x86/lib64/libsepolwrap.so -sX --allow s.db
Traceback (most recent call last):
File "/tmp/Soong.python_ra9it1nk/searchpolicy.py", line 52, in <module>
pol = policy.Policy(args.policy, None, args.libpath)
File "/tmp/Soong.python_ra9it1nk/policy.py", line 460, in __init__
self.__InitGenfsCon()
File "/tmp/Soong.python_ra9it1nk/policy.py", line 419, in __InitGenfsCon
self.__GenfsDictAdd(self.__GenfsDict, buf.value.decode("ascii"))
File "/tmp/Soong.python_ra9it1nk/policy.py", line 399, in __GenfsDictAdd
fs, path, context = buf.split(" ")
ValueError: too many values to unpack (expected 3)
Test: manual, as described above
Test: cts SELinuxHostTest with spaces in a genfscon path
Change-Id: I7c74292513a63819ee7dc03ab4977ce9363589a4
VirtualizationService uses the properties to discover hypervisor
capabilities. Allow it access for this purpose.
Bug: 216639283
Test: build
Change-Id: I82f0c2ef30c8fb2eefcac1adf83531dd3917fdb8
The properties that report hypervisor capabilities are grouped with the
other hypervisor properties for sepolicy.
Bug: 216639283
Test: buid
Change-Id: I013894de637bb7e40a450df6439ebbd5cba28c2b
This was fixed in https://r.android.com/1963701, as it never worked.
This partially reverts commit 2dd48d0400.
Change-Id: I6e7096e20fd594465fb1574b11d6fecc82f5d82f
Expand the visibility of the app hibernation service so that CTS can
actually test the APIs.
Bug: 216383448
Test: atest AppHibernationIntegrationTest
Change-Id: Ibde79c9b7e2d863a7c8f4f311ec008cd72962d45
Used for *TS testing to ensure that user devices do not multi-install
APEXes.
Bug: 216852347
Test: (non root) getprop | grep ro.boot.vendor.apex
Change-Id: Ibc670fefbf89c4a4c1fa5d2ab9d7784c04946690
This allows MediaProvider call certain MediaCodec APIs
Also update prebuilts for API 32.
Test: atest TranscodeTest
Bug: 190422448
Merged-In: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Change-Id: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
(cherry picked from commit 57401bc71f)
Merged-In:Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Allow system_server to trigger the kernel synchronize rcu with open and
close pf_key socket. This action was previously done by netd but now
it need to be done by system_server instead because the handling code in
netd are moved to mainline module which will be loaded by system_server
in JNI mode.
Note: the permission will be removed from netd once all bpf interactions
have moved out of netd.
Bug: 202086915
Test: android.app.usage.cts.NetworkUsageStatsTest
android.net.cts.TrafficStatsTest
Change-Id: I440e0c87193775115a9b9ffb19270c47b01b082e