/sys/class/wakeup/wakeupN can point to an arbitrary path in sysfs. Add
"search" permission for path resolution.
Bug: 144095608
Test: m selinux_policy
Change-Id: I033d15b4ca56656f144189f5c2b1b885f30155a3
create a single com.android.cellbroadcast apex to pack two apks
together: com.android.cellbroadcastreceiver and
com.android.cellbroadcastservice.
Bug: 135956699
Test: m com.android.cellbroadcast && adb install
com.android.cellbroadcast
Change-Id: Ib3f4447e1215f3dbff2ed019d4e15f3cea062920
incident report contains similar data as in a bugreport, but in proto
format. Currently ro.serialno is not captured due to selinux settings.
Test: adb shell incident -p LOCAL 1000
Bug: 143372261
Change-Id: I6a89308c1347fba2ce4f7b469f9a02b119d4aeb7
com.android.ipsec will be shipped as a mainline module in APEX
format. A file_contexts is required for building an APEX.
Bug: 143905344
Test: Built and installed apex on device
Change-Id: I9f9a6190886181e9e4254ea2a984d338fda533da
Android is moving away from debugfs. Information from /d/wakeup_sources
and /d/suspend_stats is now also exposed in sysfs under
/sys/class/wakeup/* and /sys/power/suspend_stats/* respectively:
https://lkml.org/lkml/2019/7/31/1349https://lkml.org/lkml/2019/8/6/1275
Allow SystemSuspend to read those sysfs nodes.
One caveat is that /sys/class/wakeup/wakeupN can be a symlink to a
device-specific location. In this case, device sepolicy should label
that the files appropriately. This is similar to how device policy
applies "sysfs_net" and "sysfs_batteryinfo" labels.
Bug: 144095608
Bug: 129087298
Test: boot cuttlefish; system_suspend is able to read
/sys/power/suspend_stats/* and /sys/class/wakeup/*
Change-Id: I350c88a271c0f422d0557aeb5e05e1537dc97bc9
init should register native services with lmkd so that they can be killed
when necessary. Allow init to communicate with lmkd over dedicated socket
the same way AMS does. Allow lmkd to kill and manipulate native processes
that were registered with lmkd.
Bug: 129011369
Test: boot and verify native service registration
Test: verify lmkd can kill registered native processes using lmkd_unit_test
Change-Id: Idfc814bd08115c548e97f11a6bdb006790cbb4ed
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Relax the requirement to have both seinfo and name specified for
privapps. The original reason for requiring both was because, normally,
a package can only be uniquely specified by both name and signature,
otherwise package squatting could occur. However, privapps are
pre-installed, so the concerns about the potential for package squatting
are eliminated. This change will drastically simplify sepolicy
configuration for priv-apps.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller still runs in the
permissioncontroller_app domain.
Change-Id: I5bb2bf84b9db616c4492bd1402550821c70fdd07
Allow audioserver to signal audio HAL processes and
generate tombstones in case of watchdog restart.
Bug: 141528385
Test: Force watchdog and verify tombstone creation
Change-Id: I39bb4a63aa93efab68baad3890b8f49fc5f79ead
Add some rules based on the SELinux denials observed.
Bug: 143905061
Bug: 142672293
Test: Green builds, no more denials for the 7 services added.
Change-Id: I27e4634cb1df03166e734f6c12c8cb9147568d72
System_server will read this property to determine if it should
expect the lmkd sends notification to it on low memory kills.
Bug: 136036078
Test: atest CtsAppExitTestCases:ActivityManagerAppExitInfoTest
Change-Id: Iff90f7d28dc7417994f5906333d58fb18cb4a04c
In emulator builds without OpenGL passthrough, we use software rendering
via SwiftShader, which requires JIT support. Therefore, we need to allow
system_server to use execmem so that it can run JITed code. These builds
are never shipped to users.
Bug: 142352330
Change-Id: I4d55b5a1b4ebae2fc8198ef66107c22bde41ad7e
When snapshotctl merge is called on sys.boot_completed
and /metadata/ota/state does not exist, it now tries
to initialize it by creating one.
Test: no selinux denials on boot
Bug: 143551390
Change-Id: I6ee268270e8f788d90610d7a1a90f252ea9baa3a
This is needed to use graphics RenderEngine, creation will
try to access configstore.
bug: 135717526
test: run MediaMetadataRetrieverTest, there shouldn't be any
avc denials in logcat.
Change-Id: Ie26ffe4844edd52684f254e77d9f515550dc82fb
This creates an SELinux domain for permissioncontroller and moves it out of the
priv_app SELinux domain.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller runs in the
permissioncontroller_app domain.
Change-Id: Ieb2e4cb806d18aaeb2e5c458e138975d1d5b64fe
Vendor can only do module load in vendor_file, which is a large area.
Changing vendor_file to vendor_file_type allows vendor to use different
labels and restrict it to smaller area.
Bug: 143338171
Change-Id: If8e0c088f2d49b7fbffff062dcae3b4084016b03
A similar problem was previously encountered with the boot control HAL
in bug 118011561. The HAL may need access to emmc to implement
set_active commands.
fastbootd uses the boot control HAL in passthru mode when in recovery,
so by extension, it needs this exception as well.
Bug: 140367894
Test: fastbootd can use sys_rawio
Change-Id: I1040e314a58eae8a516a2e999e9d4e2aa51786e7
