While taking bugreports we sometimes see dumpstate try to find
hwservices. These are mostly neverallowed by macros, so hide them.
Bug: 116711254
Bug: 123540375
Test: Build.
Change-Id: Ic73a354bdae3d124eccc9477b7862bcad66fa076
cgroups.json file contains cgroup information required to mount
cgroup controllers and is readable only by init process.
cgroup.rc contains cgroup map information consisting of the list of
cgroups available in the system and their mounting locations. It is
created by init process and should be readable by any processes that
uses cgroups and should be writable only by init process.
task_profiles.json file contains task profiles used to operate on
cgroups. This information should be readable by any process that uses
cgroups and should be writable only by init process.
Bug: 111307099
Test: builds, boots
Change-Id: Ib2c87c0fc3663c7fc69628f05c846519b65948b5
Merged-In: Ib2c87c0fc3663c7fc69628f05c846519b65948b5
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Some runtime properties require reboots and should be in the
native_boot namespace instead of native.
Bug: 120794191
Bug: 123524494
Test: set a property and ensure it can be read in AndroidRuntime.cpp
Change-Id: I1d1e984dcba26dd04d34a7d30fc63e1b75a8a311
BOARD_PLAT_*_SEPOLICY_DIR extends system sepolicy.
PRODUCT_PUBLIC_SEPOLICY_DIRS and PRODUCT_PRIVATE_SEPOLICY_DIRS now
specify locations of public and private product sepolicy respectively.
Bug: 119305624
Test: m selinux_policy
Change-Id: I48d491f0dd22020d96ff0243142153871d2d6b2b
Different devices can have /sys/* labeled differently. This allows
apexd, to traverse /sys directory tree agnostic of device-specific
labeling.
Bug: 122876102
Test: m selinux_policy
Change-Id: I08f2eb2242913e3a7d532d36a452cf111fd4e4c4
Installd will read one of these properties as a feature flag.
(cherry-picked from commit e59e731dd1)
Bug: 116059983
Bug: 123524494
Test: adb shell /data/nativetest64/installd_dexopt_test/installd_dexopt_test
Change-Id: I6c5c058ba316b98f58d8d08f7cb13828cf311833
Merged-In: I6c5c058ba316b98f58d8d08f7cb13828cf311833
In the kernel, sdcardfs wraps the contents of /data/media, which has
the label "media_rw_data_file". As part of this wrapping, it should
change the label to be "sdcardfs", but we've seen evidence that this
isn't always happening.
To temporarily unblock dogfooding while we continue investigating,
relax rules to allow Zygote to mount from either "sdcardfs" or
"media_rw_data_file", which as described above, are equivalant.
Bug: 123533205
Test: manual
Change-Id: Id633337095c0a3b69d9b8652bcc3327810339cf3
mini-keyctl is a binary used to load channel keys to .fsverity keyring.
This CL creates a new domain for mini-keyctl and a type for /proc/keys
and adds allow rules needed by this binary.
Bug: 112038861
Test: manual
Merged-In: I3b744d302859a02dfe63c81c7f33bb30912d7994
Change-Id: I3b744d302859a02dfe63c81c7f33bb30912d7994
Allow `otapreopt_chroot` to:
- bind-mount Bionic artifacts from the Runtime APEX
(`/postinstall/apex/com.android.runtime`) into `/postinstall/bionic/`;
- read the `/postinstall/system/bin/linker(64)` symlink to
`/postinstall/bionic/bin/linker(64)` when executing
`/postinstall/system/bin/otapreopt`.
Allow `otapreopt` (running as `postinstall_dexopt`) to:
- read directories under `/postinstall`.
Test: m otapreopt_chroot
Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 113373927
Bug: 120266448
Change-Id: I6de9df12d5fd84f1dd92798efed5f2d8b72d3ebe
The mount points under /bionic are rootfs in recovery mode. Init should
be able to bind-mount the bootstrap Bionic to the mount points.
Bug: 120266448
Test: adb reboot recovery; phone enters into the recovery mode
Change-Id: I57aed268eac08a5fb3609750bf10cd8d6e97347a
init now creates two mount namespaces one for pre-apexd processes and
the other for post-apexd processes. This is to mount different files to
the same mount point at /bionic. For pre-apexd processes, the bootstrap
Bionic is mounted. For post-apexd processes, the default Bionic (from
the runtime APEX) is mounted.
Using unshare and setns, init first starts with the mount namespace for
the pre-apexd and then switches to the other mount namespace when APEXes
are ready. It then occasionally switches to pre-apexd mount namespace
when it has to re-launch a pre-apexd process (e.g. the process has
crashed, etc.)
In doing so, read access to /proc/self/ns/mnt is granted to init as
well.
Bug: 120266448
Bug: 122717176
Test: m device boots
Change-Id: Idbf15cbf5cc36b9993d718d4d887cd8f23a94666
Bootstap linker has been moved from /system/bin/linker[64] to
/system/bin/bootstrap/linker[64]. Reflect the change in file_contexts.
Existing paths are not removed since the bootstrap linker (or the
linker from the rumtime APEX) will be bind-mounted to the old path by
init.
Also label the files under /bionic which serve as mount points for
either of the bootstrap bionic or the bionic from the runtime APEX.
In addition, read access for the symlinks in /system/lib/*.so and
/system/bin/linker is granted. This is because Bionic files in the paths
are now symlinks to the corresponding mountpoints at /bionic.
Bug: 120266448
Test: device boots to the UI
Change-Id: Iea4d76eb46754b435b6c5428481cd177da8d2ee1
Dynamic_android service is a proxy running in SystemServer to the
gsi_service daemon. It provides a set of SystemApi's to manage
installation of a new system image to the device while keeping the
original system image intact.
Bug: 122929007
Test: manual; see dynamic_android service start in logcat
Change-Id: Idb9b0475677dad13b7864ca0cf6041dcab04b4e3
