In order for ART code to call perfetto DataSource::Trace() we need to
wait for all data source instances to have completed their setup. To do
so, we need to know how many of them exist.
This introduces a new sysprop traced.oome_heap_session.count, writeable
by perfetto traced and readable by apps and system_server that can be
used to communicate this.
See go/art-oom-heap-dump for more details
Test: manual, atest HeapprofdJavaCtsTest
Bug: 269246893
Change-Id: Ib8220879a40854f98bc2f550ff2e7ebf3e077756
A new mainline module that will have the device config logic requires a new service (device_config_updatable).
Bug: 252703257
Test: manual because logic that launches service is behind flag
Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.
Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
Since each dropbox entry is already stored as a file on disk, include
them as-is into the dumpstate ZIP file.
The dumpsys output has already included truncated versions of all
dropbox entries for many years, and adding them as separate files
inside the dumpstate ZIP will speed up debugging and issue triage.
Bug: 267673062
Test: manual
Change-Id: I6e83dd01221f43bb2e2efc1a12368db30a545c71
Similarly to fs_type, fusefs_type accesses are ignored. It may be
triggered by tradefed when listing mounted points.
Bug: 177481425
Bug: 240632971
Bug: 239090033
Bug: 238971088
Bug: 238932200
Bug: 239085619
Test: presubmit boot tests
Change-Id: Ic96140d6bf2673d0de6c934581b3766f911780b6
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.
Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.
Bug:266943251
Test: m && manual - sample app with IsolatedProcess=True can use MediaCodec.
Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
virtualizationmanager may handle some AVF debug policies for unproteted VM.
Bug: 243630590
Test: Run unprotected VM with/without ramdump
Change-Id: I2941761efe230a9925d1146f8ac55b50e984a4e9
This patch:
* allows for heap and perf profiling of all processes on the system
(minus undumpable and otherwise incompatible domains). For apps, the
rest of the platform will still perform checks based on
profileable/debuggable manifest flags. For native processes, the
profilers will check that the process runs as an allowlisted UID.
* allows for all apps (=appdomain) to act as perfetto tracing data
writers (=perfetto_producer) for the ART java heap graph plugin
(perfetto_hprof).
* allows for system_server to act a perfetto_producer for java heap
graphs.
Bug: 247858731
Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6
Provides the script to replace current isolated_app with
isolated_app_all if possible.
Bug: 267487579
Test: m && presubmit
Change-Id: Ifcec81ddf3da2ffb4eac67d8be1de70c1eab6b92
ro.us.uvc.enabled should not be readable from apps that can't or
shouldn't act on UVC support. This means all non-system apps. This CL
adds an explicit neverallow rule to prevent all appdomains (except
system_app and device_as_webcam).
Bug: 242344221
Bug: 242344229
Test: Build passes, manually confirmed that non-system apps cannot
access the property
Change-Id: I1a40c3c3cb10cebfc9ddb791a06f26fcc9342ed9
DeviceAsWebcam is a new service that turns an android device into a
webcam. It requires access to all services that a
regular app needs access to, and it requires read/write permission to
/dev/video* nodes which is how the linux kernel mounts the UVC gadget.
Bug: 242344221
Bug: 242344229
Test: Manually tested that the service can access all the nodes it
needs, and no selinux exceptions are reported for the service
when running.
Change-Id: I45c5df105f5b0c31dd6a733f50eb764479d18e9f
I noticed a bunch of denials in the logs like this:
avc: denied { read } for pid=187 comm="dex2oat64"
name="u:object_r:device_config_runtime_native_boot_prop:s0"
dev="tmpfs" ino=76 scontext=u:r:dex2oat:s0
tcontext=u:object_r:device_config_runtime_native_boot_prop:s0
tclass=file permissive=0
But we actually want to be able to access these properties.
Bug: 264496291
Test: atest android.compos.test.ComposTestCase#testOdrefreshSpeed
Change-Id: I6ce8ee74a1024a9ddd6ef91e73111d68da878899
The properties for attestation are congifured in build.prop files and
used by frameworks Build.java.
Allow vendor_init to set these properties and allow Zygote to access
them.
Bug: 211547922
Test: SELinuxUncheckedDenialBootTest
Change-Id: I5666524a9708c6fefe113ad4109b8a344405ad57
