Commit graph

5 commits

Author SHA1 Message Date
Howard Chen
4db8cbd552 Add permissions required to install the DSU to a SD card
Bug: 171861574
Test: execute following command on a device with a SD card inserted
       adb shell am start-activity \
        -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
        -a android.os.image.action.START_INSTALL \
        -d file:///storage/emulated/0/Download/system.raw.gz \
        --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
        --el KEY_USERDATA_SIZE 4294967296

Change-Id: I5c1c170ade9c570c7dab7cb7aff5f099db4b3d8c
2021-01-27 06:36:12 +00:00
David Anderson
f4cba7eed5 Add a kernel transition to snapuserd.
The initial launch of snapuserd happens in first-stage init, before
sepolicy is loaded, since snapuserd is needed to mount initial
partitions. After sepolicy is loaded, we immediately re-launch snapuserd
in the correct context. This requires a transition similar to init.

The "allow" lines for the kernel happen in permissive mode, since we
need to relabel critical parts of /dev/block in order to re-launch
snapuserd.

Bug: 173476209
Test: OTA applies with ro.virtual_ab.compression.enabled = true
Change-Id: I80184e737ccb558107a14b384a61f7fec31c9428
2020-12-14 23:48:08 -08:00
Andreas Gampe
d6fdcefaa8 Sepolicy: Move otapreopt_chroot to private
Move complete domain to private/. Move referencing parts in domain
and kernel to private.

Bug: 128840749
Test: m
Change-Id: I5572c3b04e41141c8f4db62b1361e2b392a5e2da
2019-03-18 10:54:42 -07:00
Alex Klyubin
f5446eb148 Vendor domains must not use Binder
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
2017-03-24 07:54:00 -07:00
dcashman
cc39f63773 Split general policy into public and private components.
Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-10-06 13:09:06 -07:00