This reverts commit 9eb3b8ffdf.
Reason for revert: We are deciding for now not to make StagingManager a fully-fledged binder service, as it will only be accessed by PackageInstaller. We might re-evaluate this decision later if needed.
Bug: 122072686
Change-Id: Ic2a53fc92ddd7d7eeccc6a4a0117f28724346ec7
Adding a new high-level service which will handle staged installs, i.e.
installs that require a reboot.
Bug: 118865310
Test: An initial implementation of StagingManager can be reached
successfully by PackageManagerService and PackageInstallerService.
Change-Id: I8859b463575f8ee85caae43570958347b82f967e
The policies allow the system server to register a network_stack_service
used to communicate with the network stack process.
Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: Ib9b7d9150fe4afcce03c8b3dbb36b81c67e39366
Cherry-picked from aosp/852612 (commit Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415),
and is a manual merge for ag/5836696 (commit I360ce12f33e333766f6f30614c87811d05e663a4)
Bug: 120865921
Test: Manual verification
Change-Id: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415
Bug: None
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I360ce12f33e333766f6f30614c87811d05e663a4
Merged-In: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415
We're creating a new PermissionManagerService that will handle
all of the permission related APIs. These are currently being
routed through PackageManagerService.
Test: Device boots
Change-Id: I7d08561dd33b692209c30d413cdca0ff567358f1
- Update policy for new system service, used for SystemUI/Apps to
present predicted apps in their UI.
Bug: 111701043
Test: manual verification
Change-Id: Ia3b5db987097d2d71bf774ca550041e03214471d
These selinux policy rules were added for bufferhub to run a binder
service. But later we decided to use a hwbinder service instead, and the
original binder service was removed in git/master. Now we can safely
remove these rules.
Test: Build passed. Device boot successfully without selinux denial.
Bug: 118891412
Change-Id: I349b5f0f2fa8fb6a7cfe7869d936791355c20753
Add a DeviceConfig service in system_server to edit configuration flags.
This is intended to be a command line tool for local overrides and/or
tool for tests that adopt shell permissions.
Test: None
Bug:109919982
Bug:113101834
Change-Id: Ib7bed752849b1ed102747e3202dd7aed48d2c6d5
Changed the GPU service name back to be compatible with external
engines/tools' usage of vkjson cmd.
Bug: 118347356
Test: adb shell cmd gpu vkjson
Change-Id: Ie432fd8be63d33070ad037c509467c8367b42d39
Test: ensure no build failures;
add RoleManagerService as a boot phase
ensure no SecurityException in logcat on boot
Change-Id: Ia0803c0fb084fe2b12f5c20f5e46354d0dd1aedf
Historically GPU service lives in SurfaceFlinger as a convenient hack.
Howerver, SurfaceFlinger doesn't need to know about anything specific about GPU
capability, and shouldn't know about anything about GPU. This patch moves GPU
service out of SurfaceFlinger.
GPU service is a service that accesses to GPU driver, queries GPU capabilities
and reports back. Currently we use this information in CTS and some benchmarks.
BUG: 118347356
Test: Build, flash and boot, use `adb shell cmd gpu vkjson` to verify
Change-Id: I007989e0f3f73b5caf80277979986820dd127c32
Add a service in mediaswcodec to load updated codecs,
and restrict it to userdebug/eng. Reuse existing
mediaextractor_update_service since the codec update
service is identical, this avoids adding a new one
for now as we may not need the service anymore
after switching to APEX.
Bug: 111407413
Bug: 117290290
Change-Id: Ia75256f47433bd13ed819c70c1fb34ecd5d507b4
Add ians service contexts
Bug: 113106744
Test: verified from service list that ianas is
registered
Change-Id: Iea653416ffa45cba07a544826e0a2395d31cedca
Merged-In: Iea653416ffa45cba07a544826e0a2395d31cedca
apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".
Bug: 112455435
Test: builds, binder service can be registered,
apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97
Create a new service type buffer_hub_binder_service for
BufferHubBinderService and allow bufferhubd to publish the service.
Add the service to 26.0, 27.0 and 28.0 compat ignore files since the
service is not available in past versions.
Fixes: 116022258
Test: build passed
Change-Id: I5a21f00329ed474433d96c8d1ce32377f20cada3
Add selinux policy for the new Binder-based vr flinger vsync service.
Bug: 72890037
Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.
- Confirmed the CTS test
android.security.cts.SELinuxHostTest#testAospServiceContexts, when
built from the local source tree with this CL applied, passes.
- Confirmed the CTS test
android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
when built from the local source tree with this CL applied, passes.
Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
Add sepolicy entries for the new time zone detector service.
The timezonedetector_service will be called from the
telephony process.
Bug: 78217059
Test: make / booted device
Change-Id: Ib719a4bb444b2af7dd71910fb0bd12992df9d88c
This change removes references to the common time management
service.
Bug: 80462439
Test: build / boot
Merged-In: I2c8fca44fe05e3a35f5580d23e23a4c033075613
Change-Id: I2c8fca44fe05e3a35f5580d23e23a4c033075613
This commit contains the changes needed to add the new
time detector system server service.
Bug: 78217059
Test: make / booted device
Change-Id: I7cfaac6cac876e4aa73e8af1aa5f837117bb9ad7
"storaged" service will be used by external clients, e.g. vold, dumpsys
"storaged_pri" service will only be used by storaged cmdline.
Bug: 63740245
Change-Id: I7a60eb4ce321aced9589bbb8474d2d9e75ab7042
(cherry picked from commit 37ab7c0917)
ADB is being separated from USB service since it's not tied to the USB
transport. This duplicates the usb_service's settings to adb_service for
this purpose.
Bug: 63820489
Test: make
Change-Id: Idbcfbe470d7568f9cba51f0c8d4a8ee9503db93d
This is an experimental feature only on userdebug and eng build.
Test: play MP4 file. install & uninstall media update apk.
Bug: 67908547
Change-Id: I513cdbfda962f00079e886b7a42f9928e81f6474
system_update service manages system update information: system updater
(priv_app) publishes the pending system update info through the service,
while other apps can read the info accordingly (design doc in
go/pi-ota-platform-api).
This CL adds the service type, and grants priv_app to access the service.
Bug: 67437079
Test: Build and flash marlin image. The system_update service works.
Change-Id: I7a3eaee3ecd3e2e16b410413e917ec603566b375
Finalize Wi-Fi RTT service name per API review.
Note: CL 2 of 2 - removing old entry.
Bug: 65108607
Test: integration tests
Change-Id: Id2b3d91ea2ca578a5834a299275df188c68475da
Finalize Wi-Fi RTT service name per API review.
Note: CL 1 of 2 - adding new entry here, will remove
old entry in next CL.
Bug: 65108607
Test: integration tests
Change-Id: I065ce9d570510180fa8c8f09e1025ac795706405
CrossProfileAppsService allows apps to do limited cross profile
operations, like checking the caller package is installed in
the specified user. It is similar to LauncherAppsService in some sense.
Merged-In: I26e383a57c32c4dc9b779752b20000b283a5bfdc
Change-Id: I26e383a57c32c4dc9b779752b20000b283a5bfdc
Fix: 67765768
Test: Built with ag/3063260. Can boot and verified those APIs are working.
(cherry picked from commit 6536c9e092)
Instead of removing the denial generating code, a dontaudit and a
service label will be provided so that the team working on this new
feature doesn't have to get slowed up with local revision patches.
The dontaudit should be removed upon resolution of the linked bug.
Bug: 67468181
Test: statscompanion denials aren't audited
Change-Id: Ib4554a7b6c714e7409ea504f5d0b82d5e1283cf7
A parallel Wi-Fi RTT service is being added in parallel. Switch-over
will occur once the new service is ready.
Bug: 65014552
Test: integration tests
Change-Id: Ie4b15592140462af70c7092511aee3f603aaa411
This is a Qualcomm proprietary service,
and does not belong here.
Test: boot Marlin
Bug: 63391760
Merged-In: If7469051f6cef3e2440f7021ae26c9815ff54820
Change-Id: If7469051f6cef3e2440f7021ae26c9815ff54820
Add policy changes to enable a new service. The service
is currently switched off in config, but this change is
needed before it could be enabled.
Bug: 31008728
Test: make droid
Merged-In: I29c4509304978afb2187fe2e7f401144c6c3b4c6
Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6
vr_wm functionality is moved in VrCore, so remove this service.
Bug: 37542947, 36506799
Test: Ran on device and verified there are no permission errors while in
VR
Change-Id: I37fd34e96babec2a990600907f61da8c358ecc89
VR HWC is being split out of VR Window Manager. It creates a HW binder
interface used by SurfaceFlinger which implements the HWComposer HAL and
a regular binder interface which will be used by a system app to receive
the SurfaceFlinger output.
Bug: b/36051907
Test: Ran in permissive mode and ensured no permission errors show in
logcat.
Change-Id: If1360bc8fa339a80100124c4e89e69c64b29d2ae
Add a new type and context for IpSec to system SEPolicy
Bug: 35923241
Test: service starts + talks to NetD
Change-Id: I69356c8525b426d344fcc4858fc499ab12405b20
(cherry picked from commit 641b1a7ae0)
Add a new type and context for IpSec to system SEPolicy
Bug: 35923241
Test: service starts + talks to NetD
Change-Id: I69356c8525b426d344fcc4858fc499ab12405b20
Note: The existing rules allowing socket communication will be removed
once we migrate over to HIDL completely.
(cherry-pick of 2a9595ede2)
Bug: 34603782
Test: Able to connect to wifi networks.
Test: Will be sending for full wifi integration tests
(go/wifi-test-request)
Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615
Note: The existing rules allowing socket communication will be removed
once we migrate over to HIDL completely.
Bug: 34603782
Test: Able to connect to wifi networks.
Test: Will be sending for full wifi integration tests
(go/wifi-test-request)
Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615
The 'overlay' service is the Overlay Manager Service, which tracks
packages and their Runtime Resource Overlay overlay packages.
Change-Id: I897dea6a32c653d31be88a7b3fc56ee4538cf178
Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Bug: 31052947
Test: boot the Android framework
This set of rules is neeeded to allow vr_windows_manager to run
successfully on the system.
Bug: 32541196
Test: `m -j32` succeeds. Sailfish device boots.
Change-Id: I0aec94d80f655a6f47691cf2622dd158ce9e475f
Required for I0aeb653afd65e4adead13ea9c7248ec20971b04a
Test: Together with I0aeb653afd65e4adead13ea9c7248ec20971b04a, ensure that the
system service works
Bug: b/30932767
Change-Id: I994b1c74763c073e95d84222e29bfff5483c6a07
reflect the change from "mediaanalytics" to "mediametrics"
Also incorporates a broader access to the service -- e.g. anyone.
This reflects that a number of metrics submissions come from application
space and not only from our controlled, trusted media related processes.
The metrics service (in another commit) checks on the source of any
incoming metrics data and limits what is allowed from unprivileged
clients.
Bug: 34615027
Test: clean build, service running and accessible
Change-Id: I657c343ea1faed536c3ee1940f1e7a178e813a42
Allow storaged to read /proc/[pid]/io
Grant binder access to storaged
Add storaged service
Grant storaged_exec access to dumpstate
Grant storaged binder_call to dumpstate
Bug: 32221677
Change-Id: Iecc9dba266c5566817a99ac6251eb943a0bac630
Bring the context hub service advertised name into compliance with
the other Android services. This changes the name from
"contexthub_service" to "context".
Test: GTS tests pass.
Change-Id: I8490d60f89bdb97813e328b9ddf08270470fda76
Most of this CL mirrors what we've already done for the "netd" Binder
interface, while sorting a few lists alphabetically.
Migrating installd to Binder will allow us to get rid of one of
the few lingering text-based command protocols, improving system
maintainability and security.
Test: builds, boots
Bug: 13758960, 30944031
Change-Id: I59b89f916fd12e22f9813ace6673be38314c97b7
media framework analytics are gathered in a separate service.
define a context for this new service, allow various
media-related services and libraries to access this new service.
Bug: 30267133
Test: ran media CTS, watched for selinux denials.
Change-Id: I5aa5aaa5aa9e82465b8024f87ed32d6ba4db35ca
Finish NAN -> Aware rename process. Removes old NAN service.
Bug: 32263750
Test: device boots and all Wi-Fi unit-tests pass
Change-Id: I2f0d9595efea2494b56074752194e7a6e66070f2
Add Aware service - new name for NAN. But do not remove NAN
yet. Enables smooth transition.
Bug: 32263750
Test: device boots and all Wi-Fi unit-tests pass
Change-Id: Ieb9f1ebf1d2f31ee27f228562b4601023da5282d
- Allow dumpstate to create the dumpservice service.
- Allow System Server and Shell to find that service.
- Don't allow anyone else to create that service.
- Don't allow anyone else to find that service.
BUG: 31636879
Test: manual verification
Change-Id: I642fe873560a2b123e6bafde645467d45a5f5711
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
