system_server creates an ICMPv6 socket and sends it to ot_daemon via ParcelFileDescriptor. ot_daemon will use that socket to send/receive ICMPv6 messages.
Here's how the socket is created in System Server:
int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
Bug: 294486086
Security consultation bug: 296809188
Test: Verified on a cuttlefish
Change-Id: I9d479c9da01187a0e476591f447f7199ecb3a409

Partial revert of:
commit 3e1dc57bf4
commit 30ae427ed0
The current file contexts could break potential implementations of NTFS
by partners in future. I am not rolling back the adjoining
fuseblkd_exec and fuseblkd_untrusted_exec code, because secure
implementations of fuseblk drivers should still endeavour to use the
more compartmentalised policies.
However, as we don't support NTFS officially, we should give
implementors the choice whether to use it or not, even if it will open
the door to potentially less secure implementations.
NTFS Context: http://b/254407246,
https://docs.google.com/document/d/1b5RjdhN2wFFqmLCK0P_chVyiEhiYqNlTn52TFBMNwxk
Bug: 294925212
Test: Builds and boots.
Change-Id: I6d3858517e797b3f7388f9d3f18dd4a11770d5bc

Add SEPolicy for the ThreadNetworkService
Add Fuzzer exception, thread_network service is java only
FR: b/235016403
Test: build and start thread_network service
bug: 262683651
Change-Id: Ifa2e9500dd535b0b4f2ad9af006b8dddaea900db

Starting in Android 11, Android unconditionally disables kernel module
autoloading (https://r.android.com/1254748) in such a way that even the
SELinux permission does not get checked. Therefore, all the SELinux
rules that allow or dontaudit the module_request permission are no
longer necessary. Their presence or absence makes no difference.
Bug: 130424539
Test: Booted Cuttlefish, no SELinux denials.
Change-Id: Ib80e3c8af83478ba2c38d3e8a8ae4e1192786b57

The name "trunk stable" is not recommended to appear in the Android code
base as it is an internal concept. Therefore the name change.
Bug: b/295379636
Change-Id: Ice045ac00e2d4987221cc6516baa0d013e6e0943

This is a common root node for native trunk stable flags in system properties. Each flag in a namespace will appear in the sys prop as
persist.device_config.trunk_stable_flags.<namespace>.<flag>
Bug: b/295379636
Change-Id: I42e4a799781a9ced442cbdcbdb6b905446d72d73

This reverts commit 70d70e6be4.
Reason for revert: See internal bug for clarification: http://b/291191362
Change-Id: If37670f7d71635314c618f7ac88802bfbc6fa007

See aosp/2681476 for more details.
Bug: 285185747
Test: Call installd from a local client, no denial
Change-Id: Ie3fa45aceb8a6e61123d477bd994d964a3ae6529

Add SEPolicy for the RemoteAuth Manager/Service
Add Fuzzer exception, remote_auth service is going to be in Java and
Rust only
Design doc: go/remote-auth-manager-fishfood-design
Test: loaded on device.
Bug: 290092977
Change-Id: I4decb29b863170aed5e7c85da9c4b50c0675d3bd

During mountFstab call, vold might need to wipe and re-format a device.
See code in system/vold/model/PublicVolume.cpp, PublicVolume::doFormat
Allow IOCTLs such as BLKDISCARDZEROES for wiping.
Test: th
Bug: 279808236
Change-Id: I0bebf850aa45ece6227fa5c3e9c3fdb38164f79e

On a 32-bit GSI image, when the webview launches, the system will crash, due to
system_server cgroup not having the SELinux permission for setattr of file.
Bug: 288190486
Test: flash 32-bit GSI image and boot to check whether webview crash
Change-Id: Ibe136965d7c47c6240a8e4464e4580fe7bd7eccc

So far, it has been labeled as default_prop because there was no entry
for the sysprop in property_context. As a result, it couldn't be set by
vendor_init.
Fixing that by correctly labeling it. build_config_prop is defined as
`system_vendor_config_prop` which vendor_init can set.
Bug: 250125146
Test: adb root && adb shell ro.property_service.async_persist_write 1
adb shell getprop -Z ro.property_service.async_persist_write
shows [ro.property_service.async_persist_write]: [u:object_r:build_config_prop:s0]
Change-Id: Ib30c708c8c2693892503a8f0d590541984c2667b