Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
the name "trunk stable" is not recommended to appear in android code
base as it is an internal concept. therefore the name change.
Bug: b/295379636
Change-Id: Ice045ac00e2d4987221cc6516baa0d013e6e0943
This is a common root node for native trunk stable flags in system properties. Each flag in a namespace will appear in the sys prop as
persist.device_config.trunk_stable_flags.<namespace>.<flag>
Bug: b/295379636
Change-Id: I42e4a799781a9ced442cbdcbdb6b905446d72d73
Setup tethering_u_or_later_native namespace
Test: adb shell device_config put tethering_u_or_later_native test 1
Test: Read persist.device_config.tethering_u_or_later_native.test property
Test: from system server and Tethering.apk
Ignore-AOSP-First: topic has CL that updates DeviceConfig
Bug: 281944942
Change-Id: I2862974dc1a15f6768a34763bb9e2bad93eaf4ca
The new android property namespace will store the configurations which are set on the server side and read by the EdgeTpu HAL.
Notes:
* This CL is similar to nnapi_native CL: https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/1844919
* The read permission of EdgeTpu HAL will be added in another internal CL.
Test: mm
Bug: 243553703
Bug: 246401730
Change-Id: I5705f679148b313d919f334c51e31f7645aca82a
We need to separate out the feature flags in use by remote key
provisioning daemon (RKPD). For this, I have set up a new namespace
remote_key_provisioning_native. This change adds the SELinux policies to
make sure appropriate permissions are present when accessing the feature
flag for read/write.
Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7
Test: TreeHugger
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native boot experiments.
Bug: 241730607
Test: Build
Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036
Change-Id: I3e98f1b05058245cad345061d801ecd8de623109
These will get read by system libraries in arbitrary processes, so it's
a public property with read access by `domain`.
Bug: 235129567
Change-Id: I1ab880626e4efa2affe90165ce94a404b918849d
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native experiments.
Bug: 226456604
Test: Build
Change-Id: Ib2420cf6eaf1645e7f938db32c93d085dd8950a3
Grant system_server and flags_health_check permission to set the
properties that correspond to the AVF experiments.
Bug: 192819132
Test: m
Change-Id: I0e6fa73187abb4412d07ecfd42c1074b8afa5346
Follow the steps: go/android-native-flag-api-manual
Bug: 179099277
Test: m -j
Test: manually verify connection to wifi after flash
Change-Id: Ieb5355d40aec9ed7a42b7ae5b250b696fcf00810
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
