snapuserd logs are important when OTA failures happen. To make debugging
easier, allow snapuserd to persist logs in /data/misc/snapuserd_logs ,
and capture these logs in bugreport.
Bug: 280127810
Change-Id: I49e30fd97ea143e7b9c799b0c746150217d5cbe0
Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Signed-off-by: Wilson Sung <wilsonsung@google.com>
The original change was not a correct solution and was only intended to
silence an error. After the correct fix (aosp/2559927), we can remove
the rule (which is only allow the operation to happen and fail anyway).
Test: m
Bug: None
Change-Id: Ia41fac38e89653578adab3b10def7b1b0d0a3e61
This reverts commit af6035c64f.
Reason for revert: aosp/2559927 is the right fix
Bug: 279597861
Bug: 258093107
Test: see b/258093107#30
Change-Id: I8dbea3ba5541072f2ce8969bf32cf214fabb1965
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.
In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.
No fuzzer, because this is a test service only, so it's
low-value.
Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.
Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.
Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
For unknown reason, denial still happens with system app after applying
ag/20712480. This commit adds a work around to fix this.
Bug: 258093107
Fixes: 272530397
Test: flash build, pair watch with phone, check SE denials log
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ade3b2183d850fd508569782e35a59ef2bd4dce)
Merged-In: I16932c793c5ca144746d0903ed1826c1847d2add
Change-Id: I16932c793c5ca144746d0903ed1826c1847d2add
Enable remote_provisioning diagnostic reporting from dumpsys and adb
shell by allowing the service, which is hosted in system_server, to call
KeyMint's IRPC HAL implementation.
Test: adb shell dumpsys remote_provisioning
Test: adb shell cmd remote_provisioning
Bug: 265747549
Change-Id: Ica9eadd6019b577990ec3493a2b08e25f851f465
Adds persist.sysui.notification.builder_extras_override property
associated permissions, which will be used to flag guard
a change in core/...Notification.java.
Original change I3f7e2220798d22c90f4326570732a52b0deeb54d didn't
cover zygote, which are needed for preloaded classes
Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: Ifad9e7c010554aa6a1e1822d5885016058c801c9
Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED.
This is exposed as ro.product.cpu.pagesize.max to VTS tests.
Add the required sepolicy labels for the new property.
Bug: 277360995
Test: atest -c vendor_elf_alignment_test -s <serial>
Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
This new system property will be read and written
by a new developer option switch, through gpuservice.
Based on the value stored in persis.graphics.egl,
we will load different GLES driver.
e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver
Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
I just found it's reported in some bugreports when logging errors from
linkerconfig.
avc: denied { ioctl } for pid=314 comm="linkerconfig"
path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401
scontext=u:r:linkerconfig:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=1
Bug: 276386338
Test: m && boot
Change-Id: I57c9cc655e610dc81a95bc8578a6649c52798c93
Property for multi usb mode is used by UsbAlsaManager to decide if only
one or multiple USB devices can be connected to audio system at a
certain time.
Bug: 262415494
Test: TH
Change-Id: I9481883fa8977329d35b139713aad15e995306b1
This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.
Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
This appears to be an oversight in T sepolicy???
Based on observed logs (on a slightly hacked up setup):
04-04 20:38:38.205 1548 1935 I Nat464Xlat: Stopping clatd on wlan0
04-04 20:38:38.205 1548 1935 I ClatCoordinator: Stopping clatd pid=7300 on wlan0
04-04 20:38:43.408 1548 1548 W ConnectivitySer: type=1400 audit(0.0:8): avc: denied { sigkill } for scontext=u:r:system_server:s0 tcontext=u:r:clatd:s0 tclass=process permissive=0
04-04 20:38:43.412 1548 1935 E jniClatCoordinator: Failed to SIGTERM clatd pid=7300, try SIGKILL
04-04 20:39:27.817 7300 7300 I clatd : Shutting down clat on wlan0
04-04 20:39:27.819 7300 7300 I clatd : Clatd on wlan0 already received SIGTERM
04-04 20:39:27.830 2218 2894 D IpClient/wlan0: clatInterfaceRemoved: v4-wlan0
04-04 20:39:27.857 1548 1935 D jniClatCoordinator: clatd process 7300 terminated status=0
I think this means SIGTERM failed to work in time, and we tried SIGKILL and that was denied, and then the SIGTERM succeeded?
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia55ebd812cb9e7062e3cb10d6cb6851638926868
