This reverts commit a6a3726ed2.
Reason for revert: Breaks an internal build (see b/329217616)
Bug: 329217616
Bug: 296875906
Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa
Without this check, a release build may accidentally include additional
public types and attributes after "freeze".
Also this adds a detailed error message for how to fix.
Bug: 296875906
Test: manual
Change-Id: Iabc6bc8c8616089207acfff8ec4f05445fe7b2b3
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251
Change-Id: Ifd4ff576bc75fc28139c5e1d0df36a5ada7ce1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251
Change-Id: I5a57c156e591a5bed9c65787300c29c342907bf2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This change adds rules for system properties "sys.snapshotctl.map" and
"sys.snapshotctl.unmap", for controlling snapshotctl.
This change also adds the missing rules for snapshotctl to perform its
job. Initially, the rules for snapshotctl were added by
http://r.android.com/1126904, for running snapshotctl through init
(http://r.android.com/1123645). However, the trigger was then removed by
http://r.android.com/1239286. Since then, snapshotctl can be only run by
the root shell, in which case it is run in the "su" domain, so the rules
are not tested and therefore get stale over time. To make snapshotctl
function properly when run by init, we need to add the missing rules.
Bug: 311377497
Test: adb shell setprop sys.snapshotctl.map requested
Test: adb shell setprop sys.snapshotctl.unmap requested
Change-Id: I304be6e1825a6768f757d74b3365c4d759b9d07e
Bug: 327954176
Test: m treble_sepolicy_tests_202404
Test: m 202404_compat_test
Test: m selinux_policy
Change-Id: I6bdcbff305c0cc998bdd809006feb02e0609784d
Denials for this can cause local test failures.
The access is harmless, and is allowed in the host, so we also allow
it in the guest. And adbd does have a legitimate use for the access.
Bug: 328753027
Test: atest MicrodroidHostTests
Run repeatedly on my test device
Change-Id: Ic2e991122527ae9a22babb417ad90f2ceb8d15fc
This defines the kcmdline_prop context for properties controlled by
kcmdlinectrl, and defines a property called kcmdline.binder for
switching between the Rust and C implementations of the Binder driver.
It is intended that additional kcmdline properties introduced in the
future would share the same kcmdline_prop context.
Test: Verified that setprop/getprop work and that the value is loaded properly at boot
Bug: 326222756
Change-Id: Iea362df98d729ee110b6058c6e5fa6b6ace03d8e
Follow up of aosp/2849357 and aosp/2849358. Tests related to the
removed file_context objects should also be removed
Bug: 161776767
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Change-Id: Id986b739cc81af91aadf8853d685d41ad4238292
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 99a4cbcee7 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2983718
Change-Id: Id6e863be8adeb1f2c35b31ac7336d8b3b0cd800d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 99a4cbcee7 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2983718
Change-Id: I9f31a1c6be5825173d96e45f417332262cbaef84
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This change updates neverallow list to allow accessing udp
sockets from hal_bluetooth_server.
Bug: 305104428
Bug: 328147587
Change-Id: Ic1d80c7cb1aa62969b541ee30686afd57ec51fb0
(cherry picked from commit 3a739f9bed)
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.
Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
(cherry picked from commit f0ba322926)
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635
Change-Id: I8f3e6e956b3481c98c42f7119a84e6a7b6e00967
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635
Change-Id: I98965df2edfec7ca4c17b420b29f243524f6996f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635
Change-Id: I325e645ddeeb165617ff7ee2199f0751b56fee76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635
Change-Id: If132bed3272ba8445ba3c9ba131ddc4b5926d7cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>