There is no need for this type to be declared because it is never
registered with hwservicemanager.
This has been removed in the past but it seems it didn't automerge.
Bug: 109802374
Test: N/A
Change-Id: Id9bbc5762b6dcc8066c8543cb93db937cc4fc858
The LocationTimeZoneManagerService is being added as a "true" service so
that it can be invoked by a shell command (i.e. adb shell cmd). This
also means it will be dumped as part of dumpsys.
Test: Build only
Bug: 149014708
Change-Id: Ie60c4bea3af27a89b88ed753f9cf6e74aab04cd3
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.
Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
Define the label dmabuf_system_heap_device for /dev/dma_heap/system.
This the default DMA-BUF heap that Codec2 will use one ION is
deprecated.
Test: video playback without denials with DMA-BUF heaps enabled
Bug: 168333162
Change-Id: Ief48165cd804bde00e1881a693b5eb44a45b633b
Denial logging was suppressed in r.android.com/1199618 to de-flake
presubmit tests. Since Android 11, FUSE is enabled for all devices by
default, which is expected to prevent these denials from happening.
This change re-enables logging to check that assumption.
Bug: 145267097
Test: DeviceBootTest#SELinuxUncheckedDenialBootTest
Change-Id: I1e9aa6d1234f2f158ba7a7f6bf8aa8588249eee7
Bug: 167636754
Test: on a device that has triggers configured for this property
Test: adb shell setprop power.battery_input.suspended true to disable charging
Test: adb shell setprop power.battery_input.suspended false to reenable charging
Merged-In: I79209530d5355a59a1cb7a61c629339cd62f8eb1
Merged-In: I4692d84d5c137d11c6f648d15083614e707fdd07
Change-Id: I7a20c0d561a21fa958cf71c499604d70efdbe979
Bug: 167636754
Test: on a device that has triggers configured for this property
Test: adb shell setprop power.battery_input.suspended true to disable charging
Test: adb shell setprop power.battery_input.suspended false to reenable charging
Merged-In: I79209530d5355a59a1cb7a61c629339cd62f8eb1
Merged-In: I4692d84d5c137d11c6f648d15083614e707fdd07
Change-Id: I4692d84d5c137d11c6f648d15083614e707fdd07
Like HIDL HALs, if we have a service which is allowed to access
hal_<foo>_service, we want that service to have the attribute
hal_<foo>_client.
Unlike HIDL HALs, some AIDL services are allowed to get ahold of all
HALs, so these have to be exempted from this check.
Fixes: 168152053
Test: neverallows pass
Change-Id: I4bce6d9441c2921c3ea40f2b01fef4030c02a28a
Add updateable_module_file that describes all files under /modules. If
more directories (e.g. /modules/apex etc.) are added in the future,
separate labels should be applied to them.
Bug: 163543381
Test: on CF check /proc/mounts
Change-Id: Iceafebd85a2ffa47a73dce70d268d8a6fb5a5103
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.
Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes
other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder
Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Add a domain for /data/local/tests which will be used by atest
to execute tests on devices as shell or root.
Bug: 138450837
Test: atest binderVendorDoubleLoadTest memunreachable_unit_test memunreachable_binder_test
Change-Id: Ia34314bd9430e21c8b3304ac079e3d9b5705e19c
`gsid` may receive a FIFO if invoked via `gsi_tool`.
For the `su root` case, allow `gsid` to read `shell` FIFO.
For the `adb root` case, allow `gsid` to read `su` FIFO.
Move `gsi_tool` related allow rules to userdebug and
eng build only, because these are development features
that require root permission, thus shouldn't be shipped
on a user build.
Bug: 166589508
Test: adb unroot && gzip -c system.raw | adb shell "zcat | su root gsi_tool install ..."
Test: adb root && gzip -c system.raw | adb shell "zcat | gsi_tool install ..."
Change-Id: I779e4d49eb57240b1a5422139d7683dbac0da988
