Who needs all those context switches?
bpfloader controls which types of vendor programs can be used.
Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
the hostapd service.
Needed in order to allow hostapd to
receive a callback from servicemanager
when the active service count changes.
Bug: 213475388
Test: atest VtsHalHostapdTargetTest
Change-Id: I3a5ec8219d23227fab85325f90d8b4aee6c76973
System server needs to do this to know whether a suitable VM for
CompOS can be created. System server does not need the ability to
actually start a VM, so we don't grant that.
Bug: 218276733
Test: Presubmits
Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088
Microdroid_manager uses the ioctl to flush data to the block device.
Bug: 208639280
Test: atest MicrodroidTestApp
Change-Id: Icd708702618850e1f003b16bdc8a1698c45f6442
sepolicy_generate_compat is a binary that creates a new compat file when
freezing sepolicy API.
Suppose that we are adding {ver} compat file, after freezing {ver}
sepolicy. Then the workflow would be:
1) copy prebuilts to system/sepolicy/prebuilts/api/{ver}
2) add {ver} to PLATFORM_SEPOLICY_COMPAT_VERSIONS under
   build/make/core/config.mk
3) touch the following three files
   - system/sepolicy/private/compat/{ver}/{ver}.cil
   - system/sepolicy/private/compat/{ver}/{ver}.compat.cil
   - system/sepolicy/private/compat/{ver}/{ver}.ignore.cil
   - system/sepolicy/prebuilts/api/{ver}/vendor_sepolicy.cil
   - system/sepolicy/prebuilts/api/{ver}/plat_pub_versioned.cil
   * This step is to build base compat files, and won't be needed in the
     future.
4) add compat module files (won't be needed in the future)
   - {ver}.cil
   - {ver}.compat.cil
   - {ver}.ignore.cil
   * This step is to build base compat files, and won't be needed in the
     future.
5) run the following command to update above three files:
   $ source build/envsetup.sh && lunch aosp_arm64-userdebug
   $ m sepolicy_generate_compat
   $ sepolicy_generate_compat --branch=(branch_for_ver) \
         --build latest --target-version {ver} \
         --latest-version {ver-1}
6) upload build/make and system/sepolicy changes.
This script still lacks:
- handling of plat_pub_versioned.cil
- test cases
We will tackle such problems with follow-up changes.
Bug: 214336258
Test: manual
Change-Id: I21723a0832e5adadae7c22797c5aba867dc0174e
Bug: 213519191
Test: On oriole, profcollectd can call callbacks registered by
Test: ProfcollectForwardingService in system_server.
Change-Id: I8531a6e57e5e5c12033d5e8c7651ccff9a1d976a
Clients of virtualization service use these properties to
determine whether normal and protected VMs are supported and tailor
their VM requests accordingly.
Bug: 217687661
Test: adb unroot; adb shell getprop | grep ro.boot.hypervisor
Change-Id: Ia1c017c2346217dbc45973cbfb5adbecabedf050
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used by services such as credstore to look up remotely
provisioned keys.
Add a new service context and include it in the keystore services.
Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.
Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
Bug: 217452259
Test: Manual, set property in system.prop, build, flash, make sure value
is reflected in getprop | grep bluetooth.device
Change-Id: Id4bfebb4da5bcd64ea4bac8e3c9e9754c96256c6
Though libsepol supports it since selinux commit 644c5bbb,
test code couldn't handle whitespace in file name in policy
database.
Solved by splitting string once from left and then once
from right to avoid split of whitespace in file name.
Minimal reproducing example:
    $ echo '(genfscon sysfs "/s/p a/ce" (USER ROLE TYPE ((SENS) (SENS))))' > s.cil
    $ secilc -m -o s.db external/selinux/secilc/test/minimum.cil s.cil
    $ searchpolicy --libpath out/host/linux-x86/lib64/libsepolwrap.so -sX --allow s.db
    Traceback (most recent call last):
      File "/tmp/Soong.python_ra9it1nk/searchpolicy.py", line 52, in <module>
        pol = policy.Policy(args.policy, None, args.libpath)
      File "/tmp/Soong.python_ra9it1nk/policy.py", line 460, in __init__
        self.__InitGenfsCon()
      File "/tmp/Soong.python_ra9it1nk/policy.py", line 419, in __InitGenfsCon
        self.__GenfsDictAdd(self.__GenfsDict, buf.value.decode("ascii"))
      File "/tmp/Soong.python_ra9it1nk/policy.py", line 399, in __GenfsDictAdd
        fs, path, context = buf.split(" ")
    ValueError: too many values to unpack (expected 3)
Test: manual, as described above
Test: cts SELinuxHostTest with spaces in a genfscon path
Change-Id: I7c74292513a63819ee7dc03ab4977ce9363589a4
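The split-from-both-ends approach described in the commit above, as an added example that is not the project's own code. It assumes each genfscon record has the form "fs path context" seen in the traceback; the function names and sample records are hypothetical.

```python
# Added example: parse "fs path context" genfscon records whose path may
# contain spaces. The record layout is assumed from the traceback above.


def naive_parse(record):
    """The failing approach: breaks as soon as the path holds a space."""
    fs, path, context = record.split(" ")
    return fs, path, context


def parse_genfs_record(record):
    """Return (fs, path, context) for one genfscon record.

    The filesystem name and the SELinux context contain no spaces, so one
    field is peeled off each end and whatever remains is the path.
    """
    try:
        fs, rest = record.split(" ", 1)       # leftmost field: filesystem
        path, context = rest.rsplit(" ", 1)   # rightmost field: context
    except ValueError:
        raise ValueError("malformed genfscon record: %r" % record) from None
    if not fs or not path or not context:
        raise ValueError("empty field in genfscon record: %r" % record)
    return fs, path, context


def build_genfs_dict(records):
    """Group records as {fs: [(path, context), ...]}, preserving order."""
    genfs = {}
    for record in records:
        fs, path, context = parse_genfs_record(record)
        genfs.setdefault(fs, []).append((path, context))
    return genfs


# Constructed sample records; paths and types are illustrative only.
SAMPLE_RECORDS = [
    "sysfs /s/p a/ce u:object_r:sysfs:s0",
    "proc /net u:object_r:proc_net:s0",
    "sysfs /devices/virtual u:object_r:sysfs_devices:s0",
]

if __name__ == "__main__":
    for fs, entries in build_genfs_dict(SAMPLE_RECORDS).items():
        print(fs, entries)
```
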
VirtualizationService uses the properties to discover hypervisor
capabilities. Allow it access for this purpose.
Bug: 216639283
Test: build
Change-Id: I82f0c2ef30c8fb2eefcac1adf83531dd3917fdb8
The properties that report hypervisor capabilities are grouped with the
other hypervisor properties for sepolicy.
Bug: 216639283
Test: build
Change-Id: I013894de637bb7e40a450df6439ebbd5cba28c2b
This was fixed in https://r.android.com/1963701, as it never worked.
This partially reverts commit 2dd48d0400.
Change-Id: I6e7096e20fd594465fb1574b11d6fecc82f5d82f