This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.
Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
This appears to be an oversight in T sepolicy???
Based on observed logs (on a slightly hacked up setup):
04-04 20:38:38.205 1548 1935 I Nat464Xlat: Stopping clatd on wlan0
04-04 20:38:38.205 1548 1935 I ClatCoordinator: Stopping clatd pid=7300 on wlan0
04-04 20:38:43.408 1548 1548 W ConnectivitySer: type=1400 audit(0.0:8): avc: denied { sigkill } for scontext=u:r:system_server:s0 tcontext=u:r:clatd:s0 tclass=process permissive=0
04-04 20:38:43.412 1548 1935 E jniClatCoordinator: Failed to SIGTERM clatd pid=7300, try SIGKILL
04-04 20:39:27.817 7300 7300 I clatd : Shutting down clat on wlan0
04-04 20:39:27.819 7300 7300 I clatd : Clatd on wlan0 already received SIGTERM
04-04 20:39:27.830 2218 2894 D IpClient/wlan0: clatInterfaceRemoved: v4-wlan0
04-04 20:39:27.857 1548 1935 D jniClatCoordinator: clatd process 7300 terminated status=0
I think this means SIGTERM failed to work in time, and we tried SIGKILL and that was denied, and then the SIGTERM succeeded?
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia55ebd812cb9e7062e3cb10d6cb6851638926868
Commit 22fb5c7d24 migrated from property
types to attributes in some Microdroid rules, but omitted to
associated the attribute with the relevant types. So we fix that.
Bug: 274530433
Bug: 275469579
Bug: 276895565
Test: Will schedule a test run
Change-Id: I11194be9d1e352fa456c24a3b5784c18ccc03a69
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.
Bug: 274530433
Test: Locally added some code to set those properties and saw it being
successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
Introduce hypervisor-generic type for VM managers:
vm_manager_device_type.
Bug: 274758531
Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c
Suggested-by: Steven Moreland <smoreland@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Adds persist.sysui.notification.builder_extras_override property
and associated permissions, which will be used to flag guard
a change in core/...Notification.java.
Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because Notification.java
is a core library), but setting should only be possible
internally (and via debug shell).
Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
We are changing the --save-for-bugreport feature and moving
the file opening/write from the traced service to the perfetto
cmdline client.
This is as part of a bigger refactor to simplify the API surface
in view of non-destructive snapshots of trace buffers.
Add matching sepolicies to perfetto.te
Bug: 260112703
Test: atest perfetto_integrationtests --test-filter '*PerfettoCmdlineTest*'
Change-Id: Ic1dd6b1bf3183f6b7fb551859e35cae950676ffb
This is so that we can potentially verify that things
are setup right.
Test: TreeHugger
Bug: 275209284
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44
In commit 7ba4801, the execute permission for all isolated_app was
removed. Grant access to isolated_compute_app which requires it.
The new treble test TestIsolatedAttributeConsistency is updated to
capture the new permission. See b/275263760.
Bug: 265960698
Bug: 275024392
Bug: 275263760
Test: atest CtsVoiceInteractionTestCases:android.voiceinteraction.cts.VoiceInteractionServiceTest
Change-Id: Ide27a7e351e8f53b0f5b1ad918a508d04ef515a1
We still had policy for devices which do not currently exist in
Microdroid. Remove the unused types and all references to them in the
policy, since they have no effect and just bloat the policy.
While I'm here, delete all the bug_map entries. We don't use the
bug_map in Microdroid, and this is just an outdated snapshot from host
policy.
Bug: 274752167
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I3ab90f8e3517c41eff0052a0c8f6610fa35ccdcb
EVS Display HAL needs to access graphics related properties to configure
a pipeline to render the contents of graphics buffers.
Bug: 274695271
Test: m -j selinux_policy
Change-Id: I97a8a3f35f7118325cff9a8ae69485c0f73fe17f
We want to allow both the VM and ART to contribute to the VM config
(e.g. memory size), so define labels for 2 sets of properties and
grant the necessary access.
Bug: 274102209
Test: builds
Change-Id: Iaca1e0704301c9155f44e1859fc5a36198917568
Needed when using com.android.tethering.inprocess with
flattened APEX.
Bug: 273821347
Test: trybot
Change-Id: Iae6d9547922575398c634433dc07b2e46fbffd8e
Bug: 265960698
Test: flash, boot and use Chrome; no denials related to isolated_app
Test: crash Chrome using chrome://crash; no new denials from
isolated_app
Test: atest CtsWebkitTestCases
Change-Id: I0b9e433eb973a5e99741fc88be5e13e9704c9c9e
