To generate compat files, we need:
- base plat sepolicy
- old plat sepolicy
- base plat pub sepolicy
- mapping file from the device
- latest compat files
Generator now triggers the build system itself to get necessary base
files, and then uses the artifacts to extract new types and removed
types.
For the next step, the new/removed types will be mapped to old types,
based on the latest compat files.
Bug: 214336258
Test: sepolicy_generate_compat --branch sc-v2-dev --target-version \
32.0 --latest-version 31.0 -vvvv --build latest
Change-Id: I1f228233c1e3638e78bc0630ae51e48667a12ef5
Context about this is on ag/16302285
Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 192476579
Change-Id: If5ba2fa41975acf91c0002a0f301da11eaebd6d2
This HAL starts before APEXs are activated so needs access to the
bootstrap bionic libraries.
Bug: 214231981
Test: run microdroid
Change-Id: If82729eb2eff812916f257d24ce206e371be0c56
Since clatd is shipped by mainline module, remove the following privs
/system/bin/clatd u:object_r:clatd_exec:s0
Test: build
Change-Id: Id98470fc5e641acc7e5635af02a520d2ed531cd8
microdroid_manager needs to give the measurements to diced and get
per-VM secret from it for encrypting/decrypting the instance disk.
Bug: 214231981
Test: run microdroid
Change-Id: Ia4cab3f40263619e554466433cbb065e70ae0f07
We no longer use keystore, nor do we run dex2oat directly.
But we do now use IDiceNode::derive() to get our CDI_seal for key
derivation.
Bug: 214233409
Bug: 210998077
Test: atest ComposKeyTestCase
Change-Id: Id8ba882e7c250ad0365a7f493801e02cb5a0b700
The two are now started before APEXes are activated. Therefore they need
access to the bootstrap bionic libraries.
file_contexts is also updated because their file names are changed to
avoid the conflict with their non-bootstrap variants.
Bug: 214231981
Test: m
Change-Id: I30fb1422f228b71251d6618dd7f6e4e5422717f8
To generate compat files, we need the following files.
- base_plat_sepolicy: to get all types
- base_plat_pub_policy.cil: to get public types
- {ver}_plat_sepolicy: to get old types
This creates a new dist goal, base-sepolicy-files-for-mapping, to
conveniently generate and gather desired files under out/dist.
Bug: 214336258
Test: build/soong/soong_ui.bash --make-mode dist \
base-sepolicy-files-for-mapping \
TARGET_PRODUCT=aosp_arm64 TARGET_BUILD_VARIANT=userdebug
Change-Id: I2f210ab47be777cd91346d635f75064845821144
system_server needs search/read/open access to the directory.
This change gives system_server permissions to fetching the
information from sys/class/net.
Bug: 202086915
Test: build, flash, boot
Change-Id: I7b245510efbc99427f3491c9234c45c8cc18fea1
This sepolicy is needed so that the vendor can launch a new HAL process,
and then this HAL process could join the servicemanager as an impl for
IInputProcessor. This HAL will be used to contain the previous impl of
InputClassifier and also new features that we are going to add.
Bug: 210158587
Test: use together with a HAL implementation, make sure HAL runs
Change-Id: I476c215ad622ea18b4ce5cba9c07ae3257a65817
As the Fastpair in Mainline Module design, we intend to let OEM to:
* Support Fast Pair initial pairing by setting up its own server to
sync and serve certified Fast Pair devices’ metadata.
* Support Fast Pair subsequent pairing by associating already
paired Fast Pair devices to OEM’s accounts.
We also want to migrate GMS Fast Pair to use this mainline
implementation in the future and let our test signed with "platform"
can access to the NearbyManager.
Therefore, we need to make NearbyManager available as System API.
Bug: 214495869
Test: build, flash, boot, check "nearby_service" available for "privileged apps"
Change-Id: Icda959a33ba61eb39a3b584fc3b7a8b340fba11e
Bug: 197684182
Test: Manually verified that BinaryTransparencyService is correctly
started and running.
Change-Id: I4eaf5698dd2edb428205afcd57c22502d56d2ec2
This reverts commit eee72d6cb3d9f5c6001192247861b28cb0787827.
REASON: not needed. See the other CL in the same topic.
Bug: 197358423
Test: m
Change-Id: Ice0813ed9e349e37c83b163e2c21f17bb1105013