The ConfirmationUI API has a callback interface by which confirmation
results are presented to the calling app. This requires keystore to call
into apps.
Test: Device boots and no more denials when call back is delivered to
apps.
Bug: 63928580
Change-Id: Ie23211aeb74c39956c3c3b8b32843d35afa1315a
This reverts commit 6f2040f873.
Reason for revert: not needed anymore after ag/3773705
This was meant to allow system_server toggling the property on/off.
Later we realized that we needed a separate property for that
(see discussion in b/76077784) and system server happens to
have already permissions to write to sys.* properties even without
this CL.
Reverting because at this point this creates just unnecessary clutter.
Change-Id: Ia73d000aad3c4288a5652047dfe10896e231b0b1
Test: perfetto_integrationtests
Bug: 76077784
ro.config.low_ram should be set on Android Go devices by SoC vendors,
and the value can be read by vendor components.
Bug: 76132948
Bug: 75987246
Test: succeeded building and tested with taimen
Change-Id: I6ac98fa58cf641da4565d6277898fc5e5e6ceca1
Kernel modules are not permitted to be on /system partition.
That was one of Treble requirements in O:
https://source.android.com/devices/architecture/kernel/modular-kernels#file-locations
Bug: 74069409
Test: pixel/nexus devices don't have LKMs in /system, so this change
shoudl be harmless.
Test: walleye boots without issues from modprobe.
Change-Id: I8b3aeb55aacb3c99e0486224161d09a64bb52cd1
To enable/disable the traced and traced_probes deamons remotely we would
like system server to be able to set persist.traced.enable.
See also ag/3736001.
Denial:
selinux: avc: denied { set } for
property=persist.traced.enable
pid=1606 uid=1000 gid=1000
scontext=u:r:system_server:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service
permissive=0\x0a
Run:
$ adb shell 'ps -A | grep traced'
Should see traced.
$ adb shell 'settings put global sys_traced 0'
$ adb shell 'ps -A | grep traced'
Should no longer see traced.
Test: See above.
Change-Id: I245b7df3853cabeb0e75db41fb4facaa178ab8f1
Several /odm/* symlinks are added in the following change, to fallback
to /vendor/odm/* when there is no /odm partition on the device.
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/638159/
This change allows dexopt operations to 'getattr' those symlinks during
OTA.
Bug: 75287236
Test: boot a device
Change-Id: I2710ce5e2c47eb1a3432123ab49f1b6f3dcb4ffe
Allow init the ability to relabel recovery block devices. In the case
where we have recovery as a chain partition, due to its presence in
early mount node, init, in first stage itself would require relabel
permissions for the restorecon operation on recovery block device.
Bug: 73642793
Test: On bootup, recovery partition gets the appropriate se-label.
Perform OTA on non-A/B device with recovery as chain partition,
now the recovery partition gets upgraded successfully, now that
it has the correct se-label.
Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6
vendor-init-settable should be allowed to ro.enable_boot_charger_mode so
that SoC vendors can set its default value.
Bug: 74421250
Test: succeeded building and tested with taimen
Change-Id: I2859aab29fefb7882989413a089b0de55142d2f1
Add rule to allow Binder call from Bluetooth process to Bluetooth
audio HIDL interface running in audio HAL service process.
Bug: 72242910
Test: Manual; TestTracker/148125
Change-Id: I1981a78bece10b8e516f218d3edde8b77943d130
(cherry picked from commit e8cfac90e8)
This reverts commit 016f0a58a9.
Reason for revert: Was temporarily reverted, merging back in with fix.
Test: Basic telephony sanity, treehugger
Bug: 74486619
Bug: 36427227
Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2
Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2
(cherry picked from commit 312248ff72)
This reverts commit aed57d4e4d.
Reason for revert: This CL is expected to break pre-submit tests (b/74486619)
Merged-in: I103c3faa1604fddc27b3b4602b587f2d733827b1
Change-Id: I0eb7a744e0d43ab15fc490e7e7c870d0f44e1401
/odm partition isn't mandatory and the following symlinks will exist on
a device without /odm partition.
/odm/app ->/vendor/odm/app
/odm/bin ->/vendor/odm/bin
/odm/etc ->/vendor/odm/etc
/odm/firmware ->/vendor/odm/firmware
/odm/framework ->/vendor/odm/framework
/odm/lib -> /vendor/odm/lib
/odm/lib64 -> /vendor/odm/lib64
/odm/overlay -> /vendor/odm/overlay
/odm/priv-app -> /vendor/odm/priv-app
This CL allows all domains to access the symlinks, also removes the
Treble compliance neverallows on them because the actual restrictions
should apply to the real path directly.
Bug: 70678783
Test: boot a device
Change-Id: If1522780a13710d8a592272dc688685cbae29f52
Also change the neverallow exceptions to be for hal_telephony_server
instead of rild.
Test: Basic telephony sanity, treehugger
Bug: 36427227
Merged-in: If892b28416d98ca1f9c241c5fcec70fbae35c82e
Change-Id: If892b28416d98ca1f9c241c5fcec70fbae35c82e
Bug: 74266614
Test: succeeded building and tested on pixel
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true
Change-Id: I926eb4316c178a39693300fe983176acfb9cabec
Merged-In: I926eb4316c178a39693300fe983176acfb9cabec
(cherry picked from commit 9ddba296c8)
ADB is being separated from USB service since it's not tied to the USB
transport. This duplicates the usb_service's settings to adb_service for
this purpose.
Bug: 63820489
Test: make
Change-Id: Idbcfbe470d7568f9cba51f0c8d4a8ee9503db93d
We already grant rw file access, but without dir search it's not much
use.
denied { search } for name="vibrator" dev="sysfs" ino=49606 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir permissive=0
Bug: 72643420
Test: Builds, denial gone
Change-Id: I3513c0a14f0ac1e60517009046e2654f1fc45c66
The kernel is unusual in that it's both a core process, but vendor
provided. Exempt it from the restriction against accessing files from
on /vendor. Also, rework the neverallow rule so that it disallows
opening/modifying files, but allows reading files passed over IPC.
Bug: 68213100
Test: build (this is a build-time test)
Change-Id: I2f6b2698ec45d2e8480dc1de47bf12b9b53c4446
persist.sys.zram_enabled is set in vendor/build.prop in taimen and walleye,
which was added after the initial whitelist.
go/treble-sysprop-compatibility requires whitelisting such a property to
allow it to be overridden by vendor/{default|build}.prop.
Bug: 73905119
Test: succeeded building and test with taimen
Change-Id: I931182aa05eb90c14df6e2c7cc26913f3874fa18
