And add neverallow so that it's removed from partner policy if
it was added there due to denials.
Fixes: 124476401
Test: build
Change-Id: I16903ba43f34011a0753b5267c35425dc7145f05
On legacy devices system_<other> partition is blocked from
becoming the backing store under certain circumstances.
Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I1803f072ca21bc116554eee1d01a1dbd2c9ed0c9
sdcardfs will automatically try to create .nomedia file
under Android/{data,obb} and this is being attributed
to whoever is trying to create Android/{data,obb} dirs.
Earlier this is used to done from app context but now
zygote handles the creation of these dirs.
Bug: 124345887
Test: manual
Change-Id: I96feada2f5edff2ece2586a532b069a58a36dd3b
Update the seinfo to the new network_stack seinfo, as the network stack
is now using its own certificate.
Remove the hard-coded package name, which may differ depending on
devices, and specify (uid, signature, priv-app) instead.
Bug: 124033493
Test: m
Change-Id: If3bbc21cf83f5d17406e9615833ee43011c9c9bc
VtsHalBootV1_0Target test cases fail on a platform when executing boot control operation.
The cases fail because of hal_bootctl has no sys_rawio permission to do storage IOCTL to
switch boot slot.
Bug: 118011561
Test: VtsHalBootV1_0Target can pass
Change-Id: Idbbb9ea8b76fe62b2d4b71356cef7a07ad4de890
To enable devices to stay in a color mode all the time, add a persistent
property as part of per device configuration.
BUG: 124129486
Test: Build, flash and boot. Verify with internal patch
Change-Id: I45ce25e4f1317911e70a4276df6adc39e7455fed
Allow all the app process with GUI to send GPU health metrics stats to
GpuService during the GraphicsEnvironment setup stage for the process.
Bug: 123529932
Test: Build, flash and boot. No selinux denials.
Change-Id: Ic7687dac3c8a3ea43fa744a6ae8a45716951c4df
Modify sepolicy configure file, so that cas@1.1 service can run
Test: Manual
bug: 124016538
Change-Id: I0b160bc1c575aa18ffead7ff136509fc9dcfb472
Merged-In: I142a6cd66a81ad9e0c8b4d87da672fb8f5c181d6
system/sepolicy commit ffa2b61330
introduced the runas_app SELinux domain, which changed how we perform
debugging and profiling of Android applications. This broke Android
Studio's profiling tool.
Android Studio's profiling tool has the run-as spawned application
connect to an app created unix domain sockets in the
abstract namespace.
Note: this differs from system/sepolicy commit
3e5668f173, which allows connections in
the reverse direction (from app to runas_app). That change (b/123297648)
was made for a different part of Android Studio, Android Studio Instant
Run.
Addresses the following denial:
2019-02-08 00:59:14.563 15560-15560/? W/connector: type=1400 audit(0.0:645): avc: denied { connectto } for path=00436C69656E74 scontext=u:r:runas_app:s0:c188,c256,c512,c768 tcontext=u:r:untrusted_app_27:s0:c188,c256,c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.hellojni
(hex decode of 00436C69656E74 is "Client")
2019-01-31 17:25:16.060 19975-19975/? W/transport: type=1400 audit(0.0:8146): avc: denied { connectto } for path=00416E64726F696453747564696F5472616E73706F72744167656E743139383839 scontext=u:r:runas_app:s0:c512,c768 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.android.displayingbitmaps
(hex decode of
00416E64726F696453747564696F5472616E73706F72744167656E743139383839
is "AndroidStudioTransportAgent19889")
Bug: 120445954
Test: manual
Change-Id: I9ca1c338dcbc75cb3fbd7bf93a348f9276363dc1
This lets update_verifier call supportsCheckpoint to defer marking the
boot as successful when we may end up failing before we would commit
the checkpoint. In this case, we will mark the boot as successful just
before committing the checkpoint.
Test: Check that marking the boot as succesful was deferred in
update_verifier, and done later on.
Change-Id: I9b4f3dd607ff5301860e78f4604b600b4ee416b7
Simplifies our reasoning about product hashes. They are either
present on both sides of the Treble boundary or not.
Might be worth installing all four hashes unconditionally in the future.
Fixes: 123996710
Test: boot taimen, precompiled policy loaded
Change-Id: I749e4b0cc4c85870407a10b7d41a2e2001a75ffb
