This is in prevision of future `dex2oat` feature / experiments flags
set in namespaces `runtime_native` and `runtime_native_boot`.
In Android S, ART is becoming an updatable Mainline module (which will
include `dex2oat`). In the future, we may want to run experiments or
test new features using the Android Experiments framework. Such
experiments/features are enabled via feature flags, implemented as
Android system properties for native code.
To be able to read such properties, we need to give the read
permission to the relevant binaries. At the moment, this can only be
done in the SELinux policy of the Android platform, which cannot be
updated via a Mainline update. To give us the opportunity to conduct
such experiments in `dex2oat` via an ART Mainline Module update after
Android S has shipped (e.g. by having `dex2oat` query a system
property in `persist.device_config.runtime_native.*` ), we need to
have this permission set in the Android S platform now.
Test: mmma system/sepolicy
Change-Id: I0a83e9f0ec19884a99ef9693d55084376bff8762
This allow the device_state binder service to be exposed
as a TestApi and a SystemApi to allow usage in CTS and
system applications.
Test: Build, flash, and query device_state service
Bug: 177236115
Bug: 177235528
Change-Id: Ia9f306b8c242e8e754b201f349c274b4ce78dad9
We're adding support for counting and/or sampling on the static kernel
tracepoints in traced_perf (via perf_event_open). This requires traslating
a human-readable tracepoint name to its id for the running kernel.
For that, we need to read the "id" files like:
/sys/kernel/tracing/events/sched/sched_switch/id
While the current implementation should only need "file r_file_perms",
as it constructs the full path to the id file, I've also added the
directory-level rule to allow for a possible change in implementation,
as we might want to enumerate all available events ahead of time, which
would require listing the tracefs events/ dir.
The changed neverallow macro was a copypaste mistake.
Example denials without the change:
avc: denied { read } for name="id" dev="tracefs" ino=5721
scontext=u:r:traced_perf:s0 tcontext=u:object_r:debugfs_tracing:s0
tclass=file permissive=1
avc: denied { open } for
path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs"
ino=5721 scontext=u:r:traced_perf:s0
tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
avc: denied { getattr } for
path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs"
ino=5721 scontext=u:r:traced_perf:s0
tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
Tested: collected a profile sampled on "sched/sched_switch" on
crosshatch-userdebug.
Bug: 170284829
Bug: 178961752
Change-Id: I75427e848ccfdc200c5f9b679ea18fc78e1669d6
This directory is used to store override config, so that they can
persist across reboot.
Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I5e8f2b3093daeccd6c95dff24a8c6c0ff31235ca
Allow netd to get adb port from property service.adb.tcp.port
Bug: b/161861298
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4
Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
And allow access from system apps to vendor libs public only for system.
These files should be marked individually by OEMs. Maintainance
ownership for these libraries is also OEM's responsability.
Similar with vendor_public_libs_file type, this allows for an explicit
labeling of OEM system apps that can access libs from vendor.
Bug: 172526961
Test: build-only change, policy builds
Change-Id: I7d4c8232e0b52e73f373d3347170c87ab2dcce52
Revert submission 1556807-tombstone_proto
Reason for revert: b/178455196, Broken test: android.seccomp.cts.SeccompHostJUnit4DeviceTest#testAppZygoteSyscalls on git_master on cf_x86_64_phone-userdebug
Reverted Changes:
Ide6811297:tombstoned: switch from goto to RAII.
I8d285c4b4:tombstoned: make it easier to add more types of ou...
Id0f0fa285:tombstoned: support for protobuf fds.
I6be6082ab:Let crash_dump read /proc/$PID.
Id812ca390:Make protobuf vendor_ramdisk_available.
Ieeece6e6d:libdebuggerd: add protobuf implementation.
Change-Id: I4a9d5171e978053150404956ede18656058d1ac1
For upcoming @SystemApi DomainVerificationManager.
Test: manual, accessing new manager from test app works
Change-Id: Ic73733dce3e9152af9c6f08fb7e460fa5a01ebdf
The immediate use is to read the dumped process's selinux label, but
we'll want to add more information that relies on this (e.g. process
uptime via parsing /proc/$PID/stat).
Test: treehugger
Change-Id: I6be6082abd2091366517c17d02154678652058d6
The updated font files will be stored to /data/fonts/files and
all application will read it for drawing text.
Thus, /data/fonts/files needs to be readable by apps and only writable
by system_server (and init).
Bug: 173517579
Test: atest CtsGraphicsTestCases
Test: Manually done
Change-Id: Ia76b109704f6214eb3f1798e8d21260343eda231
Add selinux policy so the app hibernation system service can be accessed
by other processes/apps.
Bug: 175829330
Test: builds
Change-Id: I96ea9dd977ec007bc11560601554547749b4df03
Also move verity_status_prop to system_restricted_prop since we
need to query it in cts tests
Bug: 175236047
Test: atest CtsNativeVerifiedBootTestCases
Change-Id: I82b26edaf5c5ad233bd83dff77eaafb9174646ef
