The properties for attestation are congifured in build.prop files and
used by frameworks Build.java.
Allow app to access them from 'adb shell am'
Bug: 296168846
Test: m selinux_policy
Change-Id: Ie749cf5d621c03c21aa538f96a06d21680a61569
sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone.
Bug: 299327097
Test: presubmit
Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4
A new test mode (--all) tests if every file context label used in APEX
is "known". It should fail if unknown label is used in APEX.
Bug: 299391194
Test: atest apex_sepolicy_tests_test
Change-Id: Ie467019a6dc74bba9901ba8d705b31e6de24cd62
The module name is changed but it isn't applied to Android.mk
Bug: 296875906
Test: m selinux_policy and see se_freeze_test run
Change-Id: Ia25845a1aff2c2b5f910f8432a455ee93a157580
system/sepolicy should support both REL build and ToT build. That means
that system/sepolicy and prebuilts may differ. As the frozen sepolicy is
what vendor sepolicy uses, so we need to use prebuilts to run Treble
compat test.
Bug: 296875906
Test: m selinux_policy on REL
Change-Id: I4b290266ba87e3f011d640bec133fc88359ea52f
Rationale for this change:
1) Vendors use only public files, so we should be able to use only
public cil files for compatibility test.
2) treble_sepolicy_tests_for_release.mk is too complex, because it
requires compiled sepolicy. Reducing the complexity will help migrate
into REL build.
3) This fixes a tiny bug of treble_sepolicy_tests that it can't catch
public types being moved to private types, and then removed. 29.0.cil
and 30.0.cil change contains such missing public types.
Bug: 296875906
Test: m selinux_policy (with/without intentional breakage)
Change-Id: Ia2c0733176df898f268b5680195da25b588b09c7
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.
Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
The com.android.threadnetwork module is merged into
the com.android.tethering module now.
Bug: 296211911
Change-Id: I9fec91fff4e2ae4be26da4b0f52e739c4a251cd2
"ot-ctl" is a command line tool which is useful for debugging or
testing with "ot-daemon". It's not required to be part of the
system image. It was previously added to the com.android.threadnetwork
apex package, and this commits removes it from the apex.
Test: ot-ctl is removed from /apex/com/android/threadnetwork/bin
Bug: 299224389
Change-Id: I607a02c9efb26f404ea9da2e5b7109094d3232b6
Contrast to its name, sepolicy_tests also contains tests related to
Treble. Also tests other than the compat mapping test in
treble_sepoliy_tests don't need to be run several times.
Moving tests except for compat mapping test to sepolicy_tests to
simplify treble_sepolicy_tests and to reduce build time.
Bug: 288807412
Test: m selinux_policy
Test: atest SELinuxHostTest
Change-Id: I102fa48faf49b7028dc1bb5f21de65fa99babe6f
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.
To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test
- build_files module is changed to use glob (because REL version won't
be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
freeze_test needs that)
Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
