This reverts commit e47d2365a8.
Reason for revert: Original CL was not the cause of the breakage. It went green before this revert landed. https://android-build.googleplex.com/builds/branches/aosp-master/grid?
Original CL went in 5695273.
Went green in 5695399.
Revert went in 5695588.
Change-Id: Ie4d7065fe7d3c58cdff99c2b7d76b50b941895bb
This reverts commit 0c0ba46192.
Reason for revert: <Broken build 5695273 on aosp-master on aosp_x86_64-eng>
Change-Id: I763f19aa5b72f2e1aaebbc78bb8ab3020c3d2a7b
In order to show licensing information, we need to read it from
an asset stored in the .apex file.
Bug: 135183006
Test: Manual; settings can access apex files stored on /data
Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
This property will be set by system_server (to indicate the currently
selected theme for device), and can be accessed by vendor init.rc.
avc: denied { read } for property=persist.sys.theme pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:theme_prop:s0 tclass=file
Bug: 113028175
Test: Set a vendor init trigger that waits on `persist.sys.theme`. Check
that the trigger fires without denial.
Change-Id: Ia85b1a8dfc118efdbb9337ca017c8fb7958dc386
Merged-In: Ibb4e392d5059b76059f36f7d11ba82cd65cbe970
(cherry picked from commit 75182a1ea6)
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a
Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I59f6251e9baa6527a358dec024e9fae62388db2b
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. init now performs this check during startup.
The self-test is forked from init. For the child process
to be able to request a reboot it needs permissions to
set the sys.powerctl property.
Bug: 119826244
Test: Built for walleye. When the BoringSSL self test was forced
to fail the device rebooted into the bootloader, as
expected.
Change-Id: I2108bf6c345a5804ebd1e2206f9b8fde21a58e64
Merged-In: I4171b1dd0a5e393252ae5c002171ac51c9cbb3e6
Create the system property ro.gfx.angle.supported that indicates if the
device supports ANGLE. The current planned use of this property is to
allow CTS to validate ANGLE functionality if the device indicates ANGLE
is supported.
Bug: 80239516
Test: Flash the build and verify the property is 'false' for marlin.
Test: Flash the build and verify the property is 'true' for walleye.
Change-Id: I00387db9ade34152f79d75453ea17d5ea7b063cd
Historically most uses of atrace happen via the shell domain.
There are two exceptions:
- boot tracing
- traced_probes
We need to get feature parity, so atrace has the same behavior
when is invoked either via shell or from its own domain (e.g.
via traced_probes that has an auto_trans rule into atrace on exec).
Atrace works by setting system properties to enable tracing from userspace
then poking all the binder services to read the system properties (see [1]) so
enabling the system_server category requires the ability to call binder
methods on the system_server.
For more use cases see b/113127224
[1]: 9ead54bed6/cmds/atrace/atrace.cpp (545)
Bug: 113127224
Test: Add an atrace category to the Perfetto config and confirm the data
shows up.
Cherry-picked from aosp/747608
Change-Id: Id077eff960ffb1cdd7b0ce84b21ac9ef70444a4a
Merged-In: Id077eff960ffb1cdd7b0ce84b21ac9ef70444a4a
Steps taken to produce the mapping files:
1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng
2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.
Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
When we have wide color gamut content, SurfaceFlinger might want to send a
PowerHint through Power Hal to boost GPU to higher frequency, to make sure GPU
composition can finish in time.
BUG: 110112323
Test: adb shell cat /sys/class/kgsl/kgsl-3d0/devfreq/cur_freq
Change-Id: If60c13aedc4ff84eaefd3430794dc15a478c5a73
(cherry picked from commit 02be5975d6)
This property is read by the audio service in system server to toggle camera shutter sound
enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
Apps targeting API version 28+ are not allowed to access:
/proc/xt_qtaguid/*
/dev/xt_qtaguid
Instant apps should also be excluded from access.
Fixes: 92796393
Test: make -j cts_instant
cts-instant-tradefed run commandAndExit cts-instant-dev \
-m CtsPermissionTestCases \
--test android.permission.cts.FileSystemPermissionTest
Change-Id: Ifa27f6a3fad9227d4df1bf50a5120a4c36422ff7
Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.
Bug: 91735839
Test: add an odm manifest for SE conditional on
a system property (ro.boot.product.hardware.sku)
and make sure it is read into the manifest (using
the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1 0/2 881 2262 567
Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
We are not forbidding system_writes_vendor_properties_violators in P,
i.e. this neverallow rule is not strictly enforced.
Bug: 80466516
Bug: 78598545
Test: build policy
Change-Id: Iaf0ebbd2b27adf8c48082caa874e53f32bf999fc
The attribute is used to capture system properties added from outside of
AOSP (e.g. by OEM), but are not device-specific and thus are used only
inside the system partition.
Access to the the system properties from outside of the system partition
is prevented by the neverallow rule.
Bug: 80382020
Bug: 78598545
Test: m -j selinux_policy
Change-Id: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
