This is required for accessing sensor data in audioserver.
Bug: 188502620
Test: log-based verification of sensor data coming through.
Change-Id: I183ce5106401ae7853096e80a8650cc7919e6221
Bug: http://b/170257616
This allows native code in CTS tests to write their coverage profiles.
Like other cases of this pattern, this is only enabled with the
NATIVE_COVERAGE build parameter, and shouldn't affect release build
configurations.
Test: atest -a CtsNdkBinderTestCases and verify non-zero coverage in
cts/tests/tests/binder_ndk/libbinder_ndk_test/
Change-Id: Id78aa67750f33c4a8ec6e7fcf8418ff23fc27ac7
Previously, the boot process of microdroid was mostly implemented in the
init.rc file. microdroid_manager was started first in the background,
then apexd, apkdmverity, and zipfuse were executed in sequence. However,
in order to correctly implement the app payload verification scheme,
most of the early boot process has to be controlled by
microdroid_manager. Specifically, apkdmverity should be started "after"
the apk roothash is read from the instance disk by microdroid_manager.
As an alternative, we could let apkdmverity the read instance disk by
itself. However, this is undesirable because doing so requires multiple
processes - microdroid_manager and apkdmverity - have access to the
instance disk and more seriously the secret key to decrypt it.
Another alternative is to let microdroid_manager do the dm-verity
configuration which apkdmverity does. This also is considered
undesirable because then we would give the permissions for configuring
dm-verity devices to microdroid_manager which is a long-running daemon
process. Note that apkdmverity is not a daemon process.
This CL introduces a few number of changes which are required to let
microdroid_manager directly control the early boot process:
1) microdroid_manager is allowed to start the services apkdmverity and
zipfuse by using the `ctl.start` sysprop.
2) apkdmverity is allowed to use bootstrap bionic libraries as it is now
executed before APEXd activates the APEXes.
3) A new sysprop `microdroid_manager.apk_roothash` is added. It is
written by microdroid_manager and read by apkdmverity. It contains the
roothash read from the instance disk. This value is not a secret.
4) Another new sysprop `apex_config.done` is added. It is set by init
just after `perform_apex_config` and read by microdroid_manager.
Microdroid_manager uses this to wait until linker configuration is ready
so that it can execute app payloads with the config.
Bug: 193504400
Test: atest MicrodroidHostTestCases
Change-Id: If29ce17d7a6cb4859e8ceeffb321724e7f11bf82
Define type userspace_panic_device and macro userpanic_use for init,
llkd, and system_server to access /dev/userspace_panic - a kernel file
node for userspace processes to request kernel panic.
Bug: 188777408
Change-Id: I1e9d115d85f664aa84bdd6bb4b95bdb48e3aab9a
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.
Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.
Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.
As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).
I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)
Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
This is requested by the partner engineer team to uniquely identify
a partition.
Bug: 197973981
Test: boot the device
Change-Id: Id0393698d730391eb8e438e424e527451f54d4ea
No new HIDL HAL's are allowed in Android T. UWB HAL converted to
versioned AIDL interface to be compliant.
Bug: 195308730
Test: Compiles
Change-Id: I35cf8edd244baa02778ee8eff46840ae26424869
Since we are now creating an AOSP HAL for uwb. Rename Pixel specific
internal UWB HAL from Android S to hal_uwb_vendor to avoid conflicts
with the AOSP HAL sepolicy rules that are going to be added in
Android T.
Android S Architecture:
|Apps | AOSP API | Vendor Service | Vendor HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware
Android T Architecture:
|Apps | AOSP API | AOSP Service | AOSP HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware
Ignore-AOSP-First: Dependent changes in internal-only projects.
Bug: 195308730
Test: Compiles
Change-Id: I7bf4794232604372134ea299c8e2a6ba14a801d3
Merged-In: I7bf4794232604372134ea299c8e2a6ba14a801d3
(cherry picked from commit 40465250e4)
(cherry picked from commit 27ab309fad)
Since we are now creating an AOSP HAL for uwb. Rename Pixel specific
internal UWB HAL from Android S to hal_uwb_vendor to avoid conflicts
with the AOSP HAL sepolicy rules that are going to be added in
Android T.
Android S Architecture:
|Apps | AOSP API | Vendor Service | Vendor HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware
Android T Architecture:
|Apps | AOSP API | AOSP Service | AOSP HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware
Ignore-AOSP-First: Dependent changes in internal-only projects.
Bug: 195308730
Test: Compiles
Change-Id: I7bf4794232604372134ea299c8e2a6ba14a801d3
Merged-In: I7bf4794232604372134ea299c8e2a6ba14a801d3
This type is used when device encryption is managed by the host system.
(e.g. ARC++)
Please see b/136127632#comment10 for the reason why we introduce this.
Bug: 169207445
Test: m
Change-Id: I8c4eaa57389e591b2c520b59bb95408d43daf22c
