This is needed to support VABC merges on data wipes and via "fastboot
snapshot-update merge".
Bug: 168258606
Test: fastboot snapshot-update merge
data wipe during VABC merge
Change-Id: I32770a2e74f2c2710e4964f65c42ae779c1a0b90
a54bed6907
Bug: 151660495
Test: verified proper boot in regular mode and proper working of adb in
recovery
Change-Id: Id70d27a6162af6ede94661005d80a2a780057089
The system server code that backs VPN APIs such as VpnService and
VpnManager currently lives in ConnectivityService and is accessed
via IConnectivityManager.
In S, ConnectivityService is being moved to the tethering
mainline module, but the VPN code is not. So add a new
service (vpnmanager, IVpnManager, VpnManagerService) to support
these APIs.
Service implementation at http://r.android.com/1572982 . That CL
cannot be in a topic with this one because it will conflict in
master and sc-dev.
Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" throws no errors
Change-Id: Ic09c93cc454ec959a3beda2b09efa74b8db30c27
As image variants are now supported directly by android.Module, this
removes a custom mutator in selinux_contexts and uses image variant
functions in android.Module.
InRecovery and InstallInRecovery may be confusing. But refactoring it is
out of scope for this CL.
Test: compare out/soong/build.ninja before and after
Change-Id: I9ebf665a1d50d24bb4e5568a4fd1af4c4eb02c90
These permissions are required for dumpstate to read the DMA-BUF sysfs
stats present at /sys/kernel/dmabuf/buffers
Bug: 167709539
Test: adb shell am bug-report
Change-Id: I1c00843775452b7a7aa39b059e1d77d77aed1e9c
This is in prevision of future `dex2oat` feature / experiments flags
set in namespaces `runtime_native` and `runtime_native_boot`.
In Android S, ART is becoming an updatable Mainline module (which will
include `dex2oat`). In the future, we may want to run experiments or
test new features using the Android Experiments framework. Such
experiments/features are enabled via feature flags, implemented as
Android system properties for native code.
To be able to read such properties, we need to give the read
permission to the relevant binaries. At the moment, this can only be
done in the SELinux policy of the Android platform, which cannot be
updated via a Mainline update. To give us the opportunity to conduct
such experiments in `dex2oat` via an ART Mainline Module update after
Android S has shipped (e.g. by having `dex2oat` query a system
property in `persist.device_config.runtime_native.*` ), we need to
have this permission set in the Android S platform now.
Test: mmma system/sepolicy
Change-Id: I0a83e9f0ec19884a99ef9693d55084376bff8762
This allows the device_state binder service to be exposed
as a TestApi and a SystemApi to allow usage in CTS and
system applications.
Test: Build, flash, and query device_state service
Bug: 177236115
Bug: 177235528
Change-Id: Ia9f306b8c242e8e754b201f349c274b4ce78dad9
We're adding support for counting and/or sampling on the static kernel
tracepoints in traced_perf (via perf_event_open). This requires translating
a human-readable tracepoint name to its id for the running kernel.
For that, we need to read the "id" files like:
/sys/kernel/tracing/events/sched/sched_switch/id
While the current implementation should only need "file r_file_perms",
as it constructs the full path to the id file, I've also added the
directory-level rule to allow for a possible change in implementation,
as we might want to enumerate all available events ahead of time, which
would require listing the tracefs events/ dir.
The changed neverallow macro was a copypaste mistake.
Example denials without the change:
avc: denied { read } for name="id" dev="tracefs" ino=5721
scontext=u:r:traced_perf:s0 tcontext=u:object_r:debugfs_tracing:s0
tclass=file permissive=1
avc: denied { open } for
path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs"
ino=5721 scontext=u:r:traced_perf:s0
tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
avc: denied { getattr } for
path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs"
ino=5721 scontext=u:r:traced_perf:s0
tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
Tested: collected a profile sampled on "sched/sched_switch" on
crosshatch-userdebug.
Bug: 170284829
Bug: 178961752
Change-Id: I75427e848ccfdc200c5f9b679ea18fc78e1669d6
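An added example, not part of the commit above or of the sepolicy tree: a small Python parser that folds the three quoted denials into the single access vector they imply, so a proposed rule can be checked against what was actually logged. The function names (`parse_denial`, `summarize`, `allow_rules`) are hypothetical; the denial text is the commit's own, with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# The three denials quoted in the commit message, one record per line.
DENIALS = """\
avc: denied { read } for name="id" dev="tracefs" ino=5721 scontext=u:r:traced_perf:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs" ino=5721 scontext=u:r:traced_perf:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/tracing/events/sched/sched_switch/id" dev="tracefs" ino=5721 scontext=u:r:traced_perf:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        # A context is user:role:type:level; policy rules are written on the type.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {
        "source": source, "target": target, "tclass": tclass,
        "perms": m.group("perms").split(),
        "path": fields.get("path"), "name": fields.get("name"),
        # permissive=1 means the access was logged but not blocked.
        "blocked": fields.get("permissive") != "1",
    }

def summarize(text):
    """Group permissions by (source type, target type, class)."""
    needed = defaultdict(set)
    for line in text.splitlines():
        d = parse_denial(line)
        if d:
            needed[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return needed

def allow_rules(text):
    """Render one candidate allow rule per (source, target, class) triple."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(summarize(text).items())]

if __name__ == "__main__":
    print("\n".join(allow_rules(DENIALS)))
```

The output is a candidate for review rather than a rule to paste: it shows the narrowest vector the logs justify, which is the baseline for judging anything broader such as the directory-level rule the commit message mentions.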
This directory is used to store override config, so that they can
persist across reboot.
Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I5e8f2b3093daeccd6c95dff24a8c6c0ff31235ca
Allow netd to get adb port from property service.adb.tcp.port
Bug: b/161861298
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4
Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
And allow access from system apps to vendor libs public only for system.
These files should be marked individually by OEMs. Maintenance
ownership for these libraries is also OEM's responsibility.
Similar to vendor_public_libs_file type, this allows for an explicit
labeling of OEM system apps that can access libs from vendor.
Bug: 172526961
Test: build-only change, policy builds
Change-Id: I7d4c8232e0b52e73f373d3347170c87ab2dcce52
Revert submission 1556807-tombstone_proto
Reason for revert: b/178455196, Broken test: android.seccomp.cts.SeccompHostJUnit4DeviceTest#testAppZygoteSyscalls on git_master on cf_x86_64_phone-userdebug
Reverted Changes:
Ide6811297:tombstoned: switch from goto to RAII.
I8d285c4b4:tombstoned: make it easier to add more types of ou...
Id0f0fa285:tombstoned: support for protobuf fds.
I6be6082ab:Let crash_dump read /proc/$PID.
Id812ca390:Make protobuf vendor_ramdisk_available.
Ieeece6e6d:libdebuggerd: add protobuf implementation.
Change-Id: I4a9d5171e978053150404956ede18656058d1ac1
For upcoming @SystemApi DomainVerificationManager.
Test: manual, accessing new manager from test app works
Change-Id: Ic73733dce3e9152af9c6f08fb7e460fa5a01ebdf
The immediate use is to read the dumped process's selinux label, but
we'll want to add more information that relies on this (e.g. process
uptime via parsing /proc/$PID/stat).
Test: treehugger
Change-Id: I6be6082abd2091366517c17d02154678652058d6