Defined a new signal intended to allow the system to reboot
the audio/soundtrigger HAL process.
Fixes: 153461865
Test: See main change in topic
Change-Id: I1e4a770670bb1274fa6a23cd0641f2554d4679f7
Merged-In: I1e4a770670bb1274fa6a23cd0641f2554d4679f7
Bug: 150130660
Test: Took a trace with Traceur and verified mm_event records
were included when the memory category was enabled.
Merged-In: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
Change-Id: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
(cherry picked from commit 45be3aa649)
Functionally this is a no-op change.
This is a cherry-pick of 356b98d552.
Bug: 152976928
Change-Id: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
Merged-In: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
blank_screen can not find and use the lights HAL if it cannot use the servicemanager. This
broke turning off the display during shutdown.
Test: adb root; adb shell setenforce 0; adb shell setprop ctl.start blank_screen
Test: adb logcat -b all | grep 'denied'
Fix: 151363454
Merged-In: I6aff1cb71f805637abc79493ba2574143c5cf7cf
Change-Id: I6aff1cb71f805637abc79493ba2574143c5cf7cf
This is a cherry-pick 487bf1c5ff.
Bug: 151140716
Change-Id: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
Merged-In: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
There is no change in behavior. These denials were already
being blocked.
Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
Merged-In: Iffd1e5ba42854615eeea9490fe9150678ac98796
(cherry picked from commit 67896eef07)
This CL addresses the following denial, when the system_other
partition is erased. This happens when 1) the device gets an
OTA update and 2) factory reset to wipe userdata partition.
Note that the system_other partition will be mounted under
/postinstall only in the first boot after factory reset.
Also, system_other.img is only included in the factory ROM and
is absent in the OTA package. When it is absent and userdata
is wiped, the mount will fail and triggers the following denials
when both cppreopts.sh and preloads_copy.sh access /postinstall dir.
SELinux denials to address:
avc: denied { search } for comm="find" name="postinstall" dev="dm-5"
ino=44 scontext=u:r:preloads_copy:s0
tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0
avc: denied { search } for comm="cppreopts.sh" name="postinstall" dev="dm-5"
ino=44 scontext=u:r:cppreopts:s0
tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0
Bug: 152453231
Test: fastboot erase system_other (e.g., system_b) and fastboot -w
Change-Id: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
Merged-In: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
(cherry picked from commit 35c2f102f2)
Three properties are declared as vendor-init-settable:
ro.media.xml_variant.codecs
ro.media.xml_variant.codecs_performance
ro.media.xml_variant.profiles
media_codecs.xml can now be named
media_codecs${ro.media.xml_variant.codecs}.xml
media_codecs_performance.xml can now be named
media_codecs_performance${ro.media.xml_variant.codecs_performance}.xml
media_profiles_V1_0 can now be named
media_profiles${ro.media.xml_variant.profiles}.xml
Test: Rename "media_codecs.xml" to "media_codecs_test.xml",
set ro.media.xml_variant.codecs to "_test", then
call "stagefright -i".
Test: Rename "media_codecs_performance.xml" to
"media_codecs_performance_test.xml",
set ro.media.xml_variant.codecs_performance to "_test", then
run android.media.cts.VideoDecoderPerfTest.
Test: Rename "media_profiles_V1_0.xml" to "media_profiles_test.xml",
set ro.media.xml_variant.profiles to "_test", then
run vts_mediaProfiles_validate_test.
Bug: 142102953
Change-Id: I407a0a327fcc8e799bb4079b11048a497565be48
Merged-In: I407a0a327fcc8e799bb4079b11048a497565be48
This property type represents properties used in CTS tests of userspace
reboot. For example, test.userspace_reboot.requested property which is
used to check that userspace reboot was successful and didn't result in
full reboot, e.g.:
* before test setprop test.userspace_reboot.requested 1
* adb reboot userspace
* wait for boot to complete
* verify that value of test.userspace_reboot.requested is still 1
Test: adb shell setprop test.userspace_reboot.requested 1
Bug: 150901232
Change-Id: I45d187f386149cec08318ea8545ab864b5810ca8
See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.
I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.
Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
Merged-In: I78a246a5c18953f2471f84367ab383afb2742908
For system prop flags from DeviceConfig namespace "Configuration".
Test: Build and run on local device
Bug: 149420506
Change-Id: If4196b4bf231e7c52f98b92cc0031a08dad06120
Merged-In: If4196b4bf231e7c52f98b92cc0031a08dad06120
This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.
Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0
Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
(cherry picked from commit 52a96cc7dd)
This change updates sepolicies for automotive display service to make it
available to the vendor processes.
Bug: 149017572
Test: m -j selinux_policy
Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b
Signed-off-by: Changyeon Jo <changyeon@google.com>
(cherry picked from commit 17b38d526d)
* allow shell to enable/disable the daemon via a sysprop
* don't audit signals, as some denials are expected
* exclude zygote from the profileable set of targets on debug builds.
I've not caught any crashes in practice, but believe there's a
possibility that the zygote forks while holding a non-whitelisted fd
due to the signal handler.
Bug: 144281346
Merged-In: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
Change-Id: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
(cherry picked from commit 008465e5ec)
This fixes a bug introduced in aosp/1143430 where the permission
should have been included for the newly introduced
ashmem_libcutils_device type.
Test: Build
Fixes: 150193534
Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38
(cherry picked from commit 789ebf03ba)
This is to allow adding the Tuner Resource Manager as a system service
Test: cuttlefish
Bug: 147380513
Change-Id: I3f61f2542c7fd934bb69dde08079f830196e2344
(cherry picked from commit 3791549dc4)
