Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
Vendor_init needs to read this property to process event triggers
depending on ro.product.build.16k_page.enabled .
Test: th
Bug: 319335586
Change-Id: I4f52073fbd2a138d84162710c925f65cc705c356
- Add pm.dexopt.* properties.
- Add rules for running artd in chroot.
Bug: 311377497
Test: manual - Run Pre-reboot Dexopt and see no denial.
Change-Id: If5ff9b23e99be033f19ab257c90e0f52bf250ccf
This allows RecoverySystem to destroy all secretkeeper secrets before
rebooting into recovery, thus ensuring that secrets are unrecoverable
even if data wipe in recovery is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
est: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: Ia0c9e4ecf839590ecbb478836efcd00bbeea5f47
Read access to this file is needed by any process that reads flags.
For now, exclude access to vendors.
Bug: 328444881
Test: m
Change-Id: I1899d2a0c61a6286fc285a532244730ad1e4a0fc
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I1180755ecac6fe30698ed166ce451c8281643806
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I96d3e188a6aad85ef3f5a36fcf66fd349de055a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I17da2be60dc6d3b43b8d37661b1aa484ab5e1a65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I32d3f39b75c9c681cf762e685aeeed086cc7fc8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: I417fc69144d1efd712d161462a893f5f0340deaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: Ieac7134dafd6e56198c1a519a14e48fd54294c77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: Icad9512a24c7818896dbd9be9bad40686e3016e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: I31cdb90f3ffc7165785ad5535968437d029b29e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This allows RecoverySystem to destroy all synthetic blob protector keys
and make FBE-encrypted data unrecoverable even if data wipe in recovery
is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: I5be2f9e8314d36448994f4f14ff585ded7095c8c
Backporting the original change would require aosp/2960462, aosp/2976451
and aosp/2982791. Simply add the exception and the basic type definition.
Test: m plat_policy_for_vendor.cil
Change-Id: I9750c24ffa26994e4f5deadd9d772e31211a446a
Merged-In: I9750c24ffa26994e4f5deadd9d772e31211a446a
am skip reason: Merged-In Ib172d101d68409f2500b507df50b02953c392448 with SHA-1 b4f42d449b is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002427
Change-Id: I313387210b3fde6d27e1b71fe349c3c89623921b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Ib172d101d68409f2500b507df50b02953c392448 with SHA-1 b4f42d449b is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002427
Change-Id: I0133f83fe1ae742d2ea4725aec22e3cbfc4c5199
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
While testing aconfig storage file read by a demo app. We discovered
the need to do metadata_file:dir search in logcat log.
Bug: b/312459182
Test: demo app start
Change-Id: I0872ff192280228cc2270ae4a04755bc5cfbd9cc
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.
Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
(cherry picked from https://android-review.googlesource.com/q/commit:c5cb5a248d1cda1557f19f98c92ffda96d44d31a)
Merged-In: Id015429b48ffffb73e7a71addddd48a22e4740bf
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
