Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.
For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched. It turns out to actually
be needed for a bit more than that. We should be able to replace it
with something more precise, but we need to be careful.
Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
Give lpdump read (but not write) access to /metadata/ota so it can call
SnapshotManager::Dump for diagnostics.
Bug: 291083311
Test: lpdump
Change-Id: I732bcebcd809449c86254ea23785dc2c692bedd5
On 32 bit gsi img, when the webview launch, system will crash, due to
system_server not have the selinux permission of cgroup dir create.
Only 32 bit gsi img has this issue, 64 bit not have.
Bug: 288190486
Test: flash 32-bit GSI image and boot to check whether webview crash
Change-Id: I60fe69087ddbf97b5ebba62bf151626f9422c43c
Test: Manually validated that GmsCore can access the properties, but not a test app.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
(cherry picked from commit c97b3a244f)
The enable_rkpd property is no longer needed. This change removes the
vestigial property.
Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
Some HAL implementations can't support setLayerBuffer multiple times to
clear the per-layer buffer caches. Therefore, default this behavior to
disabled, and allow HALs to explcitily enable this behavior to obtain
the necessary memory savings.
Test: play videos with both true and false on both HIDL and AIDL
Bug: 285561686
Change-Id: I928cef25e35cfc5337db4ceb8581bf5926b4fbe3
Binary translation maps these regions to install translated code,
see linked bug for more context.
Bug: http://b/189502716
Test: run cts -m CtsExternalServiceTestCases -t android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
in binary translated enviroment.
Change-Id: I3bc978b9013e9fc5cf700d1efca769331ec395b0
app_process couldn't map /data/asan/system_ext/lib/libgpud_sys.so
avc: denied { execute } for path="/data/asan/system_ext/lib/libgpud_sys.so"
dev="dm-43" ino=784 scontext=u:r:zygote:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=0
Bug: 286479817
Test: bootup, app_process can work well with asan enabled.
Change-Id: I577105fe1b0c4cb7fa98ccb33eac0f59a0e645f6
Path to vendor overlays should be accessible to those processes with
access to vendor_overlay_file. This is okay when overlays are under
/vendor/overlay because vendor_file:dir is accessible from all domains.
However, when a vendor overlay file is served from a vendor apex, then
the mount point of the apex should be allowed explicitly for 'getattr'
and 'search'.
Bug: 285075529
Test: presubmit tests
Change-Id: I393abc76ab7169b65fdee5aefd6da5ed1c6b8586
To read overlay from vendor apex, app_zygote needs to have access to
vendor_apex_metadata_file:dir with {getattr,search} permissions.
Bug: 286320150
Test: atest
CtsExternalServiceTestCases: android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
Change-Id: Icef716e6d238936d04c5813c23042ec4b0e28541
If we run a VM from an adb shell, e.g. via `vm run`, then we would
like to get the VM console & log sent to the shell console.
That doesn't work unless virtualization manager & crosvm can write to
devpts.
Bug: 286355623
Test: Manual: adb shell, /apex/com.android.virt/bin/vm run-microdroid --debug full
Change-Id: I01b233bc6ad5fba8f333f379af62a03806ae8949
Now, root dir and apex_manifest.pb of vendor apex mounts are labelled as
vendor_apex_metadata_file. For webview_zygote to read overlays from
vendor apexes it needs to be allowed to "search" the roots of vendor
apexes.
Bug: 286330836
Test: atest CtsWebkitTestCases:android.webkit.cts.WebViewTest#testAddJavascriptInterface
Change-Id: I5ea333800221e272a4e678b00326a79a6398c861
Adds persist.syui.notification.ranking_update_ashmem property and
associated permissions, which will be used to flag guard a change in
core/...NotificationRankingUpdate.java.
Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because NotificationRankingUpdate.java
is a core library), but setting should only be possible internally (and
via debug shell).
Test: manual flash+adb setprop/getprop
Bug: 249848655
Change-Id: I661644893714661d8c8b5553c943fa17d08c000c
A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.
Previously, these entries were labelled as system_file even for vendor
apexes.
Bug: 285075529
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
This reverts commit 3bb2411564.
Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules
Change-Id: I4a3ed3c4f00e9bee88608e7d393ded204d922ee2
Merged-In: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c
This reverts commit 92251f5d15.
Reason for revert: Remove deferred list functionality now that the shape
of ANGLE shipping form is binaries. Applications on the list are broken
with ANGLE due to the lack of YUV support, this is currently being
worked on.
Bug: 280450222
Change-Id: Ied92e6f482fe77e045139b4b0531b1db1a7ffb13
Test: atest CtsAngleIntegrationHostTestCases
no writing to vendor_file_type is the intention
here, but they only restricted vendor_file.
Bug: 281877578
Test: build (neverallow only change)
Change-Id: Ic5459dcd420ee24bad8310a587a0b9b1cc5b966a