This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.
It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.
Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.
Bug: 64240127
Test: boot an existing device
Change-Id: I53a9715b2f9ddccd214f4cf9ef081ac426721612
This allows to format sdcard for adoptable storage.
Bug: 69641635
Change-Id: I8d471be657e2e8f4df56c94437239510ca65096e
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Corresponds to commit 410cdebaf966746d6667d6d0dd4cee62262905e1 in
system/extras.
Bug: 32286026
Test: m
Change-Id: I1e0934aa5bf4649d598ec460128de6f02711597f
This is needed in order to get the stat-size of the files.
Bug: 30934496
Test: gts-tradefed -m GtsAndroidRuntimeManagerHostTestCases
Change-Id: I1df0ba941e8f9ff13a23df4063acc3c4f1555c1b
/proc/uid/ provides the same per-uid time_in_state data as
/proc/uid_time_in_state, so apply the same type and let system_server
read directories of this type.
Bug: 66953705
Test: system_server can read /proc/uid/*/time_in_state files without
denials on sailfish
Change-Id: Iab7fd018c5296e8c0140be81c14e5bae9e0acb0b
Signed-off-by: Connor O'Brien <connoro@google.com>
Allow system_server to open profile snapshots for read.
System server never reads the actual content. It passes the descriptor to
to privileged apps which acquire the permissions to inspect the profiles.
Test: installd_dexopt_test
Bug: 30934496
Change-Id: I1d1f07a05261af25f6640040af1500c9a4d5b8d5
9b2e0cbeea changed all uses of capability
to global_capability_class_set but accidentally omitted one entry.
Fix the one entry.
Test: policy compiles.
Change-Id: I1bb8c494a2660d9f02783c93b07d4238a2575106
In P, we will be supporting privileged apps in vendor partition, thus
need to label /vendor/priv-app as vendor_app_file so that apps can exist
under the dir.
Bug: 35301609
Test: N/A since there is no /vendor/priv-app yet. Framework change
which is currently in the internal is required.
Change-Id: I86a765ef9da5267113e64a7cbb38ba0abf5c2835
In kernel 4.7, the capability and capability2 classes were split apart
from cap_userns and cap2_userns (see kernel commit
8e4ff6f228e4722cac74db716e308d1da33d744f). Since then, Android cannot be
run in a container with SELinux in enforcing mode.
This change applies the existing capability rules to user namespaces as
well as the root namespace so that Android running in a container
behaves the same on pre- and post-4.7 kernels.
This is essentially:
1. New global_capability_class_set and global_capability2_class_set
that match capability+cap_userns and capability2+cap2_userns,
respectively.
2. s/self:capability/self:global_capability_class_set/g
3. s/self:capability2/self:global_capability2_class_set/g
4. Add cap_userns and cap2_userns to the existing capability_class_set
so that it covers all capabilities. This set was used by several
neverallow and dontaudit rules, and I confirmed that the new
classes are still appropriate.
Test: diff new policy against old and confirm that all new rules add
only cap_userns or cap2_userns;
Boot ARC++ on a device with the 4.12 kernel.
Bug: crbug.com/754831
Change-Id: I4007eb3a2ecd01b062c4c78d9afee71c530df95f
