Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1499c60e3d6c6c9fbe2e3f30f097f83b1e837c1c
Merged-In: I1499c60e3d6c6c9fbe2e3f30f097f83b1e837c1c
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.
Test: No selinux denials
Bug: 78793464
Change-Id: I80c54d4eaf3b94a1fe26d2280af4e57cb1593790
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.
Test: No selinux denials
Bug: 78793464
Change-Id: I1f97659736429fe961319c642f458c80f199ffb4
/cache/overlay directory in support of overlayfs mounts on userdebug
and eng devices. Overlayfs in turn can be capable of supporting
adb remount for read-only or restricted-storage filesystems like
squashfs or right-sized (zero free space) system partitions
respectively.
Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I3ece03886db7cc97f864497cf93ec6c6c39bccd1
Like /system and /product, /product-services will contain apps that
should have the same privileges as the one in other system partitions.
Bug: 80741439
Test: successfully tested e2e on two devices, one with
/product-services partition and another with /product-services
symlinking to -> /system/product-services
Change-Id: Ieee7a9a7641a178f44bb406dbdef39ed46713899
apns downloaded will enter a new directory that
TelephonyProvider can access.
Bug: 79948106
Test: Manual
Change-Id: I1e7660adf020dc7052da94dfa03fd58d0386ac55
shipping API version:
For devices shipped on O-MR1 nothing changes, data is stored
under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store fingerprint data under
/data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: Ibc7cc33b756f64abe68a749c0ada0ca4f6d92514
Merged-In: Ibc7cc33b756f64abe68a749c0ada0ca4f6d92514
Test: manually
(cherry picked from commit 6116daa71a)
Introduce a standalone live-lock daemon (llkd), to catch kernel
or native user space deadlocks and take mitigating actions.
Test: llkd_unit_test
Bug: 33808187
Bug: 72838192
Change-Id: If869ecd06e5ce7b04bba1dafd0a77971b71aa517
Create a new label for /data/system/dropbox, and neverallow direct
access to anything other than init and system_server.
While all apps may write to the dropbox service, only apps with
android.permission.READ_LOGS, a signature|privileged|development
permission, may read them. Grant access to priv_app, system_app,
and platform_app, and neverallow access to all untrusted_apps.
Bug: 31681871
Test: atest CtsStatsdHostTestCases
Test: atest DropBoxTest
Test: atest ErrorsTests
Change-Id: Ice302b74b13c4d66e07b069c1cdac55954d9f5df
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
Merged-In: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
(cherry picked from commit ad6231f546)
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: Ibd71219f60644e57370c0293decf11d82f1cb35c
Merged-In: Ibd71219f60644e57370c0293decf11d82f1cb35c
(cherry picked from commit 1f717b1001)
Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I087292fb23d05fc17272778d668ac78a721b2593
Merged-In: I087292fb23d05fc17272778d668ac78a721b2593
(cherry picked from commit bae1517a58)
This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
- BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy
Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.
Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
Merged-In: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
(cherry picked from commit 45457e3a2b)
This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
- BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy
Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.
Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
Sub directories under /odm (or /vendor/odm when there isn't an odm
partition) are labeled so that artifacts under the sub directories are
treated the same as their counterpart in the vendor partition.
For example, /odm/app/* is labeled as vendor_app_file just like
/vendor/app/*.
Bug: 71366495
Test: m -j
Merged-In: I72a14fd55672cd2867edd88ced9828ea49726694
Change-Id: I72a14fd55672cd2867edd88ced9828ea49726694
(cherry picked from commit 2f1015512d)
Sub directories under /odm (or /vendor/odm when there isn't an odm
partition) are labeled so that artifacts under the sub directories are
treated the same as their counterpart in the vendor partition.
For example, /odm/app/* is labeled as vendor_app_file just like
/vendor/app/*.
Bug: 71366495
Test: m -j
Change-Id: I72a14fd55672cd2867edd88ced9828ea49726694
The webview_zygote is now launched as a child-zygote process from the
main zygote process.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Merged-In: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
Change-Id: I153476642cf14883b0dfea0d9f5b3b5e30ac1c08
This required for kernel to do loopback mounts on filesystem
images created by the kernel system call tests in LTP.
Add a corresponding neverallow to stop all domains from accessing
the location at /data/local/tmp/ltp.
Bug: 73220071
Test: Boot sailfish successfully
Test: run vts-kernel -m VtsKernelLtp -t syscalls.fchown04
Change-Id: I73f5f14017e22971fc246a05751ba67be4653bca
Signed-off-by: Sandeep Patil <sspatil@google.com>
The webview_zygote is now launched as a child-zygote process from the
main zygote process.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Change-Id: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
