This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd
The binder call to statsd can be removed after the migration.
Test: m -j
Bug: 148641240
Change-Id: Id1387a2cbe74ba8d84f4973c6e4d17c5e0b88009
Add a new entry for use_content_detection_for_refresh_rate that will
eventually replace the deprecated use_smart_90_for_video
Change-Id: Iffe83fe0c7620f661228452495a02922f9662406
Test: play video and observe refresh rate
The binder's methods are protected by signature
permissions (LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG and
OVERRIDE_COMPAT_CHANGE_CONFIG).
This is a re-landing of https://r.android.com/1210143, which was
reverted due to http://b/142942524. The actual fix was done in
http://ag/10234812.
Bug: 142650523
Test: atest PlatformCompatGatingTest
Change-Id: Ibddac8933ea58d44457a5d80b540347e796ebe71
Dumpstate runs 'df', which in turn tries to get attributes on all
mounted filesystems. We don't care much for stats on /mnt/user, since
it's simply a mapping of /data. /mnt/installer is simply a bind mount of
/mnt/user, and we don't need to show that in df either.
Bug: 148761246
Test: atest
CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie71b9cde08eb08bd3a7a3e2659ea71c61ca5ab3b
adbd started calling shutdown and waiting for EOF before closing
sockets in commit 74b7ec72, because closing a TCP socket while you have
pending data to read is specified to send a TCP RST to the other end,
which can result in data that we've written into the socket to be
prematurely thrown away on the other end. Not being able to do so on a
Unix domain socket is benign, aside from the denial showing up in the
log.
Fixes the following selinux denial when installing a package:
avc: denied { shutdown } for scontext=u:r:adbd:s0 tcontext=u:r:shell:s0 tclass=unix_stream_socket permissive=0
Test: manual
Change-Id: I266092a8323ac02bfe96738a8f4a8021f3a10387
This fixes a bug where a directory's label was removed, causing it to
be unlabeled, and we crashed on trying to set its encryption policy.
Fixes: 148923156
Test: Successfully update from build with the deleted label.
Change-Id: I69c3707e3e66d9e44a22b0783d3016c8ddab6b8f
This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd
The binder call to statsd can be removed after the migration.
Test: m -j
Bug: 148641240
Change-Id: If6cf7eb77aa229751c44e5291d49f05177dbb8dd
Add a filegroup for extservices so that it can be shared between the main
extservices apex and the one used for testing.
Bug: 138589409
Test: Manually
Change-Id: I2cca8a583b2aa72c8c29a32dd839fe599300b40f
Only write snapshotctl_log_data_file for userdebug_or_eng.
Test: boot, still see log
Bug: 148818798
Change-Id: I03e979efd65e3992bd8ef30e6408768a14aa1de2
recovery is excluded because it is not an interesting code
path.
Test: apply OTA, cancel, delete OTA states, then apply again
to trigger CancelUpdate() code path, see logs
Bug: 148818798
Change-Id: I3baac977af54ac0a09c9b732fd172469c9f51627
This is a domain for the MediaProvider mainline module. The
MediaProvider process is responsible for managing external storage, and
as such should be able to have full read/write access to it. It also
hosts a FUSE filesystem that allows other apps to access said storage in
a safe way. Finally, it needs to call some ioctl's to set project quota
on the lower filesystem correctly.
Bug: 141595441
Test: builds, mediaprovider module gets the correct domain
Change-Id: I0d705148774a1bbb59c927e267a484cb5c44f548
To include linkerconfig results into dumpstate, dumpstate needs extra
permission on lnkerconfig directory to search all items within the
directory. This change allows dumpstate to have extra access on
linkerconfig directory.
Bug: 148840832
Test: tested from cuttlefish
Change-Id: I955b54ec2cc3d1dcedaa34406e0e0776b6ac12f6
dumpstate creates an error log from CTS test because dumpstate does not
have access to linkerconfig directory. As df doesn't need to scan
linkerconfig directory, do not audit this directory in dumpstate
to get attributes.
Bug: 148760417
Test: m -j passed
Test: No sepolicy error from correspoding test
Change-Id: I3c1c3a489584450bd23fbce2d7cc9b09aaf9c002
This reverts commit d5a0edd75e.
Reason for revert: CTS failure
There are apps that relies on SELinux regulations to constrain their access. We'll need to analyze them before introducing the sepolicy.
Bug: 147695658
Change-Id: Ic57fcb90371b50a978ab7b2e0d20c4cb3d2da7f6
Test: cts-tradefed run cts -m CtsPermissionTestCases
Setting files and dirs under /data/incremental as apk_data_file, so that
they will have the same permissions as the ones under /data/app.
Current layout of the dirs:
1. /data/incremental/[random]/mount -> holds data files (such as base.apk) and
control files (such as .cmd). Its subdirectory is first bind-mounted to
/data/incremental/tmp/[random], eventually bind-mounted to
/data/app/~~[randomA]/[packageName]-[randomB].
2. /data/incremental/[random]/backing_mount -> hold incfs backing image.
3. /data/incremental/tmp/[random] -> holds temporary mountpoints (bind-mount targets)
during app installation.
Test: manual
Change-Id: Ia5016db2fa2c7bad1e6611d59625731795eb9efc
These properties are owned by system, but is configurable
in vendor partition.
Test: apply OTA
Bug: 148569015
Change-Id: I24baa981d1f850cd18a3429f6e0a4efd31a8570d
In order to track time in state data using eBPF, system_server needs
to be able to attach BPF programs to tracepoints, which involves:
- calling perf_event_open and the PERF_EVENT_IOC_SET_BPF ioctl
- running BPF programs
- reading tracepoint ids from tracefs
Grant system_server the necessary permissions for these tasks
Test: modify system_server to try to attach programs; check for
denials
Bug: 138317993
Change-Id: I07dafd325a9c57d53767a09d4ca7b0fb2dd2d328
Signed-off-by: Connor O'Brien <connoro@google.com>
These ioctls are required to set a default project quota ID on
/data/media.
Bug: 146419093
Test: verified chattr call from rootdir/init.rc
Change-Id: I0c9028e0a6502302fe81a73dfa087261a36d9863
