In Android, adb root is disabled at build-time by not compiling
sepolicies which allows adbd to run in the `su` domain.
However in Microdroid, adb root should be supported even on user builds
because fully-debuggable VMs can be started and adb root is expected
there. Note that adb root is still not supported in non-debuggable VMs
by not starting it at all.
This change removes `userdebug_or_end` conditions from the policies for
adb root. In addition, the `su` domain where adbd runs when rooted is
explicitly marked as a permissive domain allowed.
Bug: 259729287
Test: build a user variant, run fully debuggable microdroid VM. adb root
works there.
Test: run non-debuggable microdroid VM. adb shell (not even adb root)
doesn't work.
Change-Id: I8bb40b7472dcda6619a587e832e22d3cb290c6b9
As service_manager has been removed in microdroid.
Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I05b3366a14ecd8d6aabfff5eca9b6fbf804dc97a
Because MLS isn't really used in microdroid, setting it to 1 may help
improve performance a bit.
Bug: 223596384
Test: atest MicrodroidTests
Change-Id: Iace4a45ccda98e34fbf82b16ff2096a53b543132
MicrodroidHostTestCases will pull the VM's sepolicy and check it against
system/sepolicy/microdroid's neverallow rules, using sepolicy-analyze
tool.
Bug: 218461215
Test: atest MicrodroidHostTestCases
Change-Id: I62a69053996b71d69dd2bf6b7eabc8b701095477
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
