Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.
Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.
Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).
The implementation is Rust so no fuzzer is required.
I've put this behind the flag on general principle.
Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
1, /metadata/aconfig is the directory that stores aconfig storage
related protobuf files and flag value files boot copy. Grant read
access to everybody. But limit the write access only to init and
aconfig storage service process (to be created later)
2, /metadata/aconfig/flags is the sub directory that stores persistent
aconfig value files.Initially set it up to be accessible by
system_server process only . When aconfig storage service process is
created, will add another permission to storage service process.
Context to why we are hosting flag data on /metadata partition:
Android is adopting trunk stable workflow, flagging and A/B testing is
essential to every platform component. We need some place to host the
flag that are accessible to system processes that starts before /data
partition becomes available.
In addition, there has been a long discussion regarding utilizing
/metadata partition for some process data, another example is mainline
modules, we are trying to make them to be able to be mounted earlier,
but cannot due to /data availability.
Bug: 312444587
Test: m
Change-Id: I7e7dae5cf8c4268d71229c770af31b5e9f071428
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.
Bug: 293957254
Test: Presubmit & tested in conjunction with internal change
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
Bug: 311377497
Test: manual - Call
getDexoptChrootSetupServiceRegisterer().waitForService()
Test: manual - Set up a chroot environment and call
getArtdPreRebootServiceRegisterer().waitForService()
Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
Memhealth driver has been removed from all android kernels.
Test: m
Bug: 315560026
Change-Id: Ia4f91bde3a999a490b42b57abcd521ff9cc94633
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Restricting that properties can only be written by platform and module.
It will be read and written from init and sytem_server.
Bug: b/289203818
Test: m
Change-Id: Ie6b44d1222ec1a9fbfc9b90e0455588f9defe848
Legacy VPNs are removed, including the usage of mtpd/pppd.
Only the type ppp and mtp remain as there are usages elsewhere.
Bug: 161776767
Test: m, presubmit
Change-Id: I556b0daa55f9ea7bf844f6a52d10dda02e324ee0
This CL adds sepolicy for the system property
threadnetwork.country_code. This system property
is set by init and be read by the ThreadNetworkService.
Bug: b/309357909
Test: Configure the system property in ini.product.rc and
check the configured country code via the command
`dumpsys thread_network`.
Change-Id: I6f067ced24842755f2c5519169ba9a94df17829f
This commit includes two sepolicy changes:
1. change threadnetwork data file to
/data/misc/apexdata/com.android.tethering/threadnetwork
2. use apex_tethering_data_file for files under
/data/misc/apexdata/com.android.tethering
The background is that the Thread daemon (ot_daemon) is merged into the
Tethering mainline module, which means the the Tehtering module now has
code running in both system_server and the standalone unprivileged
ot_daemon process. To prevent ot_daemon from accessing other
apex_system_server_data_file dirs, here use the specific
apex_tethering_data_file for both Tethering and Thread files (A
subdirectory threadnetwork/ will be created for Thread at runtime). This
is similar to apex_art_data_file and apex_virt_data_file.
Note that a file_contexts rule like
```
/data/misc/apexdata/com\.android\.tethering/threadnetwork(/.*)? u:object_r:apex_threadnetwork_data_file:s0
```
won't work because the threadnetwork/ subdir doesn't exist before the
sepolicy rules are evaluated.
Bug: 309932508
Test: manually verified that Thread settings file can be written to
/data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I66539865ef388115c8e9b388b43291d8faf1f384
This reverts commit 5e1d7f1c85.
Reason for revert: retry with a fix to the failed tests
Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and propery
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.
Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
Cmd line: /system/bin/servicemanager
ABI: 'x86_64'
"servicemanager" sysTid=202
NOTE: Function names and BuildId information is missing for some frames due
NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
NOTE: found under the lib/ directory are readable.
NOTE: On this device, run setenforce 0 to make the libraries readable.
NOTE: Unreadable libraries:
NOTE: /system/lib64/bootstrap/libc.so
#00 pc 00000000000babda /system/lib64/bootstrap/libc.so
#01 pc 0000000000017819 /system/lib64/libutils.so (android::Looper::pollAll(int, int*, int*, void**)+441) (BuildId: 2ed0ced7383d1676a37aed1236486ac3)
#02 pc 0000000000011a25 /system/bin/servicemanager (main+1157) (BuildId: 509b83cb97addfa90aaa4ad911c2a3df)
#03 pc 00000000000547a9 /system/lib64/bootstrap/libc.so
Bug: 314088872
Test: adb shell am hang and check ANRs
Change-Id: I7daf19a3afbd18aa93093fb152f9555022ece88f
This allows AccessibilityManagerService in system_server to
interact with a HID-supported Braille Display.
Bug: 303522222
Test: ls -z /dev/hidraw0
Test: plat_file_contexts_test
Test: Open FileInputStream and FileOutputStream on this device
path from AccessibilityManagerService
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67a63cc046769759aa43cf1653f11e57c55cd1db)
Merged-In: I2982e907bd2a70c1e4e8161647d6efd65110b99c
Change-Id: I2982e907bd2a70c1e4e8161647d6efd65110b99c
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
Changes from the reverted cl aosp/2812455:
- The AIDL service type has been renamed from avf_* to hal_* to be
consistent with the others.
- The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
for the IRPC/avf service, has been set up with the server/client model
for AIDL Hal. The virtualizationservice is declared as server and
RKPD is declared as client to access the service instead of raw
service permission setup as in the reverted cl. This is aligned
with the AIDL Hal configuration recommendation.
- Since the existing type for IRPC hal_remotelyprovisionedcomponent is
already associated with keymint server/client and has specific
permission requirements, and some of the keymint clients might not
need the AVF Hal. We decided to create a new AIDL service type
instead of reusing the exisiting keymint service type.
Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
This reverts commit 76a62dfb3e.
Reason for revert: Relanding with virtual_camera flag disabled to prevent test failures before rc entry is added for the service (which needs to be done after this cl is submitted to prevent boot test failing due to selinux denials).
Test: https://android-build.corp.google.com/builds/abtd/run/L11500030000350228
Change-Id: Ie621f89610b173918bb4c0b6eb1f35547f56f6b7
and consitently name service and process as "virtual_camera" (with
underscore)
Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
This is checked when getting the time of last successful authentication
from keystore2. The auth_service is the only expected caller.
Bug: 303839446
Test: manual
Change-Id: Idf222e69c0553a7be94206b519a95a4006e69507
Create a new system property for game default frame
rate. A toggle system setting UI will set
`persist.graphics.game_default_frame_rate.enabled`
via GameMangerService in system_server.
`persist.graphics.game_default_frame_rate.enabled` == 1:
default frame rate enabled
`persist.graphics.game_default_frame_rate.enabled` == 0:
default frame rate disabled
Bug: 286084594
Test: m, flash and boots properly on Raven
Change-Id: Iae7ebf39aad6c81475ef3d289d750a818fd4ef79
When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
The get_state permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#getState() served by keystore2. That
API has been removed because it was unused
(https://r.android.com/2768246). Therefore, stop granting the get_state
permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
Bug: 296464083
Test: atest CtsKeystoreTestCases
Change-Id: Ie6c7b17a8652f86a75d48c134a6e71a634d63772
When keystore was replaced with keystore2 in Android 12, the SELinux
class of keystore keys was changed from keystore_key to keystore2_key.
However, the rules that granted access to keystore_key were never
removed. This CL removes them, as they are no longer needed.
Don't actually remove the class and its permissions from
private/security_classes and private/access_vectors. That would break
the build because they're referenced by rules in prebuilts/.
Bug: 171305684
Test: atest CtsKeystoreTestCases
Flag: exempt, removing obsolete code
Change-Id: I35d9ea22c0d069049a892def15a18696c4f287a3
