LinkerConfig generator runs from early init, so if there is any warning
/ error then logs can be only found from kernel log. To enable kernel
logging from linkerconfig, specific policy should be added.
Test: m -j && Tested from Cuttlefish
Change-Id: I6c49d7693e0334ae8550891b72bcb04e37c16d89
In b/73062966, we add new AID ranges for each partition that doesn't
yet have them (system, system_ext, odm, product). We also add group
and passwd files to these partitions to be able to map these AIDs into
human readable user and group names, and vice versa.
All processes should be able to read all users and groups. We divide
the ranges into non-overlapping regions for each partition and we
namespace the names with the partition name as a prefix.
Allow domain r_file_perms to
/(system|product|system_ext)/etc/(group|passwd).
Vendor and odm passwd and group files already have this access, since
/(vendor|odm)/etc/* is already domain readable.
Example contents:
blueline:/ $ cat /system/etc/passwd
system_tom::6050:6050::/:/bin/sh
blueline:/ $ cat /product/etc/passwd
product_tom::7013:7013::/:/bin/sh
Bug: 73062966
Test: tree-hugger selinux denial during boot test
Change-Id: Ib4dc31778e95e952174e1365497feaf93dca7156
http://aosp/678384 changed property format
Fixes: 137695210
Test: inject timeout and take BR see dumpstate restarted
Change-Id: Ie24e2d42e92410a935ca4c9364b476d72aa459f3
FMRadio change from system image to product image, then FMRadio
can't launch
selinux denied log:
avc: denied { open } for path="/data/asan/product/lib64/libfmjni.so"
dev="mmcblk0p35" ino=18 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
app=com.android.fmradio
solution: label data/asan/product/lib(64) to system_lib_file
Bug: 136974466
Test: launch FMRadio, it can work
Change-Id: Icdfc794cb077b81d550816d2e7779c763604e050
/metadata/ota will store critical bits necessary to reify
system and vendor partition state during an OTA. It will be accessed
primarily by first-stage init, recovery/fastbootd, and update_engine.
Bug: 136678799
Test: manual test
Change-Id: Ib78cb96ac60ca11bb27d2b2fe011482e64ba0cf8
Move wifi services out of system_server into a separate APK/process.
Changes:
a) Created sepolicy for the new wifi apk.
b) The new APK will run with network_stack uid (eventually will be moved
to the same process).
Used 'audit2allow' tool to gather list of permissions required.
Note: The existing wifi related permissions in system_server is left
behind to allow the module to be loaded into system_server or
network_stack process depending on device configuration.
Bug: 113174748
Test: Device boots up and able to make wifi connection.
Test: Tested hotspot functionality.
Test: Ran WifiManagerTest & WifiSoftApTest ACTS tests locally.
Test: Will send for wifi regression tests.
Change-Id: Id19643a235bf0c28238f2729926b893ac2025b97
(cherry-picked from c7aa90091e6bec70a31a643cc4519a9a86fb0b38)
Bug: 72472544
This reverts commit 07efe37c5f.
Reason for revert: The selinux denial is no longer reproducible.
Test: Presubmit builds
Change-Id: I79d18743171315401401c1b06b3f97d837bf500f
Sepolicy for linkerconfig generator and ld.config.txt file from
generator
Bug: 135004088
Test: m -j & tested from device
Change-Id: I2ea7653a33996dde67a84a2e7a0efa660886434a
gsid creates loop devices when it cannot use device-mapper. This can
occur when images are split into multiple files (for example, FAT32) or
when a device is unencrypted, or FBE without metadata encryption. In
addition to accessing /dev/loop-control and loop devices, it also needs
LOOP_SET_DIRECT_IO and LOOP_SET_BLOCK_SIZE to optimize writes.
Bug: 134536978
Test: gsi_tool install works on crosshatch with metadata encryption
disabled
Change-Id: I3f0aee1d0757e4b299deee74a8c1077846d56292
ircs is not specific enough. There will be multiple services in the
future with ircsmessage used specificially for message store.
Test: compile, tests
Change-Id: Ia7d57e6900c733408be26d6520aa46c512229248
There was some plan to use binder from init, but it was abandoned. As
ServiceManager was recently re-written in C++, and as part of a
continued effort to reduce large dependencies in init and make sure it
is reliable, I'm removing these here.
Bug: 135768100
Test: N/A
Change-Id: I12b57709399c87ee25f689b601572b19abf7fb00
The audio HAL service name previously contained the audio HAL version
of the first audio HAL it supported.
Nevertheless, the same service can and do host all audio HAL versions.
Aka there is only one audio HAL service, and the version in its name is
technical dept and should not be changed.
This caused many confusions during vendor HAL upgrade as the
service version number was erroneously updated leading to
device boot loop.
The new service name is:
android.hardware.audio.service
The old one was:
android.hardware.audio@2.0-service
Keeping both names valid as most phones will not rename
the service immediately.
Bug: 78516186
Test: boot & check the audio HAL is up with the old and new name
Change-Id: I2ce0182fd919af6eb8325d49682b4374be00344e
Signed-off-by: Kevin Rocard <krocard@google.com>
There is no reason to deny dumpstate from reading /data/misc/logd on
user builds. Logpersist is disallowed from running on those builds,
so there is no harm in copying this directory.
Bug: 136978224
Test: build
Change-Id: Ia58bde10e1f45978975597cd2ea1951a784d3b49
Test: Pass a not cil file to version_policy and see no crash appeared.
example: out/host/linux-x86/bin/version_policy -b `which ls` -m -n 10000.0 -o target
Change-Id: If2b950a02dd94a4813b74377617f90c7a75a9f27
Signed-off-by: liwugang <liwugang@xiaomi.com>
This reverts commit e47d2365a8.
Reason for revert: Original CL was not the cause of the breakage. It went green before this revert landed. https://android-build.googleplex.com/builds/branches/aosp-master/grid?
Original CL went in 5695273.
Went green in 5695399.
Revert went in 5695588.
Change-Id: Ie4d7065fe7d3c58cdff99c2b7d76b50b941895bb
This reverts commit 0c0ba46192.
Reason for revert: <Broken build 5695273 on aosp-master on aosp_x86_64-eng>
Change-Id: I763f19aa5b72f2e1aaebbc78bb8ab3020c3d2a7b
In order to show licensing information, we need to read it from
an asset stored in the .apex file.
Bug: 135183006
Test: Manual; settings can access apex files stored on /data
Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
This will allow Perfetto to capture GPU frequency changes
on the target, which is useful to graphics developers
using Perfetto to profile graphics HW usage.
Bug: 136062452
Change-Id: Idb7870b2f674f1359ef3b4487dbeff190b394248
