The ro.surface_flinger.* properties are using instead of configstore.
Add get_prop (domain, surfaceflinger_prop) to domain.te so that it can
be used on all systems in the same way as configstore.
Bug: 124531214
Test: read properties in java (ag/11226921)
Change-Id: Ifc8a53ea544c761d85e370e177913db91d8a33a2
This prop allows vendors to specify whether their devices
have basic eBPF compatibility (ie. Linux kernel 4.9 with P VINTF).
Make it exported_default_prop because the shared library
libbpf_android is used in a lot of places.
See: https://r.android.com/1261922
Bug: 151753987
Signed-off-by: Felix <google@ix5.org>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifd9af558d84ea1619a6af7fce81b700fdfb22b9f
All apps signed with the media key share a UID. However,
some run in the priv_app selinux context, and others run
in the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I6f96142ef03101568abed670a0e32f952515a590
com.google.android.gms and com.google.android.gsf have a sharedUserId
but were being routed to two different domains:
com.google.android.gms 10145 0 /data/user/0/com.google.android.gms google:privapp:targetSdkVersion=10000
com.google.android.gsf 10145 0 /data/user/0/com.google.android.gsf google:privapp:targetSdkVersion=10000
This change routes them to the same domain: gmscore_app
Bug: 154597032
Test: TH
Change-Id: I0a309a687eb8608604cabf65b58763a1a3262153
A vendor has an audio HAL implementation for Android Automotive that
controls amplifiers with tcp sockets. This violates a neverallow rule
in 'public/hal_audio.te':
neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket
} *;
This rule prevents any audio HAL server from accessing sockets; But
public/hal_neverallows.te, line 19 exempts HAL servers on automotive
devices; because in a car it is common to have external modules
accessible over in-vehicle networks.
Therefore, the existing neverallow rule in hal_audio.te is a duplicate;
and this CL removes this rule.
Vendors on automotive devices should refer to 'vendor/hal_audio_default.te',
by (1) creating a new type; (2) associating the type with the
'hal_automotive_socket_exemption' attribute.
Bug: 150400684
Test: tested with the following rules in 'vendor/hal_audio_default.te'
Test: type harmon_amplifier, domain;
Test: typeattribute hal_audio_default hal_automotive_socket_exemption;
Test: allow hal_audio_default harmon_amplifier:tcp_socket connect;
Test: m -j should compile sepolicy without complaints
Change-Id: I517b050d0582d08f94f35ba815a030121385f319
This is to clean up bad name "exported_dalvik_prop"
Bug: 154465224
Test: sepolicy_tests
Test: treble_sepolicy_tests 26.0 ~ 29.0
Change-Id: Ie5e738b5985c1db1bca7a857971d8490a7980b5b
Previously we have allowed many kinds of app processes to access
gpuservice. However, upon sharing files through bluetooth, bluetooth
process starts an activity to handle this task. At the meanwhile, any
processes with an activity launched shall access gpuservice for stats
purpose. This change amends the rules so that we don't miss anything.
Bug: 153472854
Test: use bluetooth to share a photo and check logcat
Change-Id: I3d620b703d3afe92ac1f61cfb2a2f343352ddd4d
It already has read dir access, but was missing file access which
would allow it read /sdcard symlink (/mnt/pass_through/0/self/primary)
Test: adb shell am broadcast -a
android.intent.action.MEDIA_SCANNER_SCAN_FILE
--receiver-include-background -d file:///sdcard
Bug: 153151011
Change-Id: If4d3fa3d96de6dd9672c0c3aa25fb25f196fe295
