"This symlink was suppose to have been removed in the Gingerbread
time frame, but lives on."
https://android.googlesource.com/platform/system/core/+/d2f0a2c%5E!/
Apps targeting R+ must NOT use that symlink.
For older apps we allow core init.rc to create
/mnt/sdcard -> /storage/self/primary symlink.
Bug: 129497117
Test: boot device, /mnt/sdcard still around.
Change-Id: I6ecd1928c0f598792d9badbf6616e3acc0450b0d
Allow netd to trigger the kernel synchronize rcu with open and close
pf_key socket. This action was previously done by system_server but now
it need to be done by netd instead because there might be race issue
when netd is operating on a map that is cleaned up by system server.
Bug: 126620214
Test: android.app.usage.cts.NetworkUsageStatsTest
android.net.cts.TrafficStatsTest
Change-Id: Id5ca86aa4610e37a2752709ed9cfd4536ea3bfaf
ART follows the /data/user/0 symlink while loading cache files, leading
to:
avc: denied { getattr } for comm="webview_zygote" path="/data/user/0"
dev="sda35" ino=1310726 scontext=u:r:webview_zygote:s0
tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=0
Allow this access, the same as app and app_zygote do.
Bug: 123246126
Test: DeviceBootTest.SELinuxUncheckedDenialBootTest
Change-Id: I90faa524e15a17b116a6087a779214f2c2142cc2
The bootstrap bionic (/system/lib/bootstrap/*) are only to the early
processes that are executed before the bionic libraries become available
via the runtime APEX. Allowing them to other processes is not needed and
sometimes causes a problem like b/123183824.
Bug: 123183824
Test: device boots to the UI
Test: atest CtsJniTestCases:android.jni.cts.JniStaticTest#test_linker_namespaces
Change-Id: Id7bba2e8ed1c9faf6aa85dbbdd89add04826b160
hal_omx needs to access audio devices to use OMX HW decoders and
encoders. Allow hal_omx to access audio devices.
authored-by: Banajit Goswami <bgoswami@codeaurora.org>
Change-Id: I742c29c4105e5647ca1a7e017e311559a0567b52
While the directory is not present anymore in Q, it has been shipped on
Q Beta 2 and the absence of such label might cause issues to devices
with pending installs which receive an OTA > Beta 2.
Bug: 130184133
Test: m
Merged-In: Ie3e77eebd2e7fd7b3a6a940d189cbc2bb386dc0e
Change-Id: Ie3e77eebd2e7fd7b3a6a940d189cbc2bb386dc0e
fc_sort uses its own implementation of merge sort, but it's
unnecessarily complex and sorting criteria isn't clear: it only
compares lengths and existences of fields. So it can give different
results on the same input (same set of entries, different order).
This fixes it so that output is always deterministic, regardless of
the order of lines in input files.
Bug: N/A
Test: try to run fc_sort several times on same input with different
line orders, and see the results.
Change-Id: I982a35a4ae9e115030a8598027bbf1181ee77a7d
/system/bin/auditctl is executed by init to set the kernel audit
throttling rate limit. Grant the rules necessary for this to happen.
Test: compiles and boots
Test: Perform an operation which generates lots of SELinux denials,
and count how many occur before and after the time period.
Bug: 118815957
Change-Id: Id9df65497d1172ab7c2e84ff6a43722f11c61620
This is needed for bugreport to include ANR trace for the process.
Bug: 128878895
Test: adb bugreport
Change-Id: I31a2fceb9c8ec1d8588374bb97f3b518a075ddfb
This change allows the perfetto cmdline client to access
the (unprivileged) producer socket of traced, with the
intent of triggering finalization of already running traces
(see b/130135730). Matching change: aosp/932138
Note that:
- perfetto cmdline can already access the consumer socket
(to start tracing sessions).
- The producer socket is already exposed to most domains,
including unprivileged apps.
Bug: 130135730
Bug: 128966650
Change-Id: Id9106279584798e6689102085fa46a0b7ecb1ba7
We no longer have /system/etc/security/apex/* as the public keys are all
bundled in APEXes. Removing the selinux label and policies for it.
Bug: 936942
Test: device is bootable
Change-Id: I6b6144a8d15910d1ba8584a0778244ed398dc615
android/soong/common was renamed to android/soong/android long
ago, but the pctx package path was still "android/soong/common".
This required all users of rules defined in android/soong/android
to import "android/soong/android" and then
pctx.Import("android/soong/common").
Test: m checkbuild
Change-Id: Ic9e8bf25e76dbd61bb1cb1d0e7d095e73c0f279b
Allow renderscript to use file descriptors created by ephemeral apps.
This is needed to support renderscript execution by ephemeral apps.
Steps to reproduce:
atest com.google.android.pm.gts.PackageManagerHostTest#testRenderScriptLoading
Expected:
Test passes
Actual:
03-26 03:33:45.373 4607 4607 F linker : CANNOT LINK EXECUTABLE "/system/bin/bcc": can't enable GNU RELRO protection for "": Permission denied
03-26 03:33:45.373 4566 4600 E RenderScript: Child process "/system/bin/bcc" terminated with status 256
03-26 03:33:45.373 4566 4600 E RenderScript: bcc: FAILS to compile 'init_test'
03-26 03:33:45.374 4566 4596 E TestRunner: failed: testRenderScriptLoading(com.google.android.gts.packagemanager.InstantAppTestCases)
03-26 03:33:45.375 4566 4596 E TestRunner: ----- begin exception -----
03-26 03:33:45.375 4566 4596 E TestRunner: java.lang.AssertionError: Instant App should be able to access RenderScript APIs.
03-26 03:33:45.375 4566 4596 E TestRunner: at org.junit.Assert.fail(Assert.java:88)
03-26 03:33:45.375 4566 4596 E TestRunner: at com.google.android.gts.packagemanager.InstantAppTestCases.testRenderScriptLoading(InstantAppTestCases.java:338)
03-26 03:33:45.375 4566 4596 E TestRunner: at java.lang.reflect.Method.invoke(Native Method)
03-26 03:33:45.375 4566 4596 E TestRunner: at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
Additional notes: Confusingly ephemeral_app is not part of untrusted_app_all,
but it is part of all_untrusted_apps, which is used for neverallow
assertions.
Bug: 129356700
Test: atest com.google.android.pm.gts.PackageManagerHostTest#testRenderScriptLoading
Change-Id: I47781012b9fd2cd1d03a3d50bed0c693bcf9ec7b
Property is NNAPI client-readable and writeable only by init/build.prop.
Bug: 129666983
Bug: 120483623
Test: flashed crosshatch/Cts tests for NNAPI
Change-Id: Ic4c0f176440610a2c54c078863f3d5382323cc65
