The system property "vold.post_fs_data_done" is used by init and vold to
communicate with each other in order to set up FDE on devices that use
FDE. It needs to be gettable and settable by vold, and settable by init
and vendor_init. This was the case in Android 11 and earlier; however,
the change
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1277447
("Rename exported and exported2 vold prop") broke this by giving this
property the type "vold_config_prop", which made it no longer settable
by vold.
Since none of the existing property types appear to be appropriate for
this particular property, define a new type "vold_post_fs_data_prop" and
grant the needed domains permission to get/set it.
This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.
Bug: 186165644
Test: Tested FDE on Cuttlefish
Change-Id: I2fd8af0091f8b921ec37381ad3b85a156d074566
And allow access from system apps to vendor libs public only for system.
These files should be marked individually by OEMs. Maintainance
ownership for these libraries is also OEM's responsability.
Similar with vendor_public_libs_file type, this allows for an explicit
labeling of OEM system apps that can access libs from vendor.
Bug: 172526961
Test: build-only change, policy builds
Change-Id: I7d4c8232e0b52e73f373d3347170c87ab2dcce52
We no longer allow apps with mlstrustedsubject access to app_data_file
or privapp_data_file. For compatibility we grant access to all apps on
vendor images for SDK <= 30, whether mlstrustedsubject or not. (The
ones that are not already have access, but that is harmless.)
Additionally we have started adding categories to system_data_file
etc. We treat these older vendor apps as trusted for those types only.
The result is that apps on older vendor images still have all the
access they used to but no new access.
We add a neverallow to prevent the compatibility attribute being
abused.
Test: builds
Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.
Bug: 154066722
Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
1. Add surfaceflinger_display_prop property context
2. Set context for graphics.display.kernel_idle_timer.enabled
3. Context for system property that is get by surfaceflinger
and set by vendor_init and system_app.
W /system/bin/init: type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.display.enable_kernel_idle_timer pid=2396 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_display_prop:s0 tclass=property_service permissive=0'
Bug:137064289
Test: $ make selinux_policy. Check kernel idle timer works correct.
Change-Id: I77a82b5abfe5a771418dab5d40b404a1cdca4deb
To allow vold to abort it.
Bug: 153411204
Test: vold can access it
Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 152544169
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I409aeccd31293bf0ae3be5b1dbafe5a74daaaa9d
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Configures SELinux to allow ActivityManagerService to start a cacheinfo
service that is responsible for dumping per-process cache state.
Bug: 153661880
Test: adb shell dumpsys cacheinfo
Test: adb bugreport
Change-Id: Id6a4bdf2a9cb6d7f076b08706e0f91d377f38603
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.
Following types are removed.
boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop
Following type is renamed.
wificond_service -> wifinl80211_service
Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
[already merged in master and AOSP]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Change-Id: Id432390023de232deb4cc4d0ff3fb73904093b60
[cherry-picking]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
[Will cherry-pick to AOSP]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Cleaning up exported*_system_prop and moving surfaceflinger properties
to new property contexts.
Bug: 152468529
Bug: 154885206
Test: boot cf_x86 and crosshatch
Change-Id: I7f8a684e9cbabce2f55a5292d7b2283ac0716cd9
Assigning a new context boot_status_prop for following two properties:
- sys.boot_completed
- dev.bootcomplete
Bug: 154885206
Test: boot cf_x86 and crosshatch, see no denials
Change-Id: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
Merged-In: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
(cherry picked from commit 2973c96055)
Adds a context for telephony related cache properties and changes
the bluetooth and system_server properties to match off of prefix
instead of exact string matches.
Bug: 151953109
Test: Flashed phone with PowerManager caches enabled and verified
that the phone boots.
Merged-In: I9110192a12bb6222e49a8fb6b266d6067ef2ea92
Change-Id: I3128596a2f893954a54499cf295e5c88a94d4965
(cherry picked from commit bae0bd2016)
This is to clean up bad name "exported_dalvik_prop"
Bug: 154465224
Test: sepolicy_tests
Test: treble_sepolicy_tests 26.0 ~ 29.0
Change-Id: Ie5e738b5985c1db1bca7a857971d8490a7980b5b
Since these need to be set from a vendor context.
Bug: 152170470
Bug: 153525566
Test: N/A
Change-Id: I2e90ad08fa0a5bd2b4759d92f95d35cec2b316df
Merged-In: I2e90ad08fa0a5bd2b4759d92f95d35cec2b316df
