Microdroid_launcher is an executable in microdroid. It's role is to load
a shared library in an APK that is shared from the host Android and
execute it by calling an entry point (android_native_main) in it.
For now, it is executed from shell, but will eventually be executed from
a binder service (which also is running in microdroid) called
microdroid_manager.
Bug: 188513012
Test: atest MicrodroidHostTestCases
Change-Id: I150a958c1ed0e3e960f4b4b577e808e54e898644
zipfuse is a FUSE implementation that runs in microdroid. In the virtual
machine, it reads a block device (/dev/vd* via the symlink
/dev/block/by-name/microdroid-apk) whose content is read from an apk
in the host side. Then the makes the entries in the zip file (apk is
also a zip) as regular files in the virtual machine.
Note that the filesystem is mounted as default 'fuse:filesystem' because
it's mounted without the `fcontext` option, which is due to the libfuse
library we are importing from crosvm (b/188400186).
Bug: 188388851
Test: atest MicrodroidHostTestCases
Change-Id: Ide9bac88088535f4f335f2725fa929d23015e6e1
Bug: 184131523
Test: atest VirtualizationTestCases
Test: flashed on VIM3L and ran microdroid manually
Change-Id: I6d1b69b63debf44431cd542a0ee85748fcc4191b
Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passtrhough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not possible true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.
Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
Add ro.audio.offload_wakelock to audio_config_prop to allow
AudioFlinger to read this property.
Bug: 178789331
Test: build pass, property can be successfully set and read
Signed-off-by: JJ Lee <leejj@google.com>
Change-Id: I4650e03eb0a406b7531c08001adcfebe822bd75b
It is important that fastbootd is able to mount /metadata in recovery, in
order to check whether Virtual A/B snapshots are present. This is
enabled on userdebug builds, but currently fails on user builds.
Fixes:
audit: type=1400 audit(7258310.023:24): avc: denied { mount } for pid=511 comm="fastbootd" name="/" dev="sda15" ino=2 scontext=u:r:fastbootd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
Bug: 181097763
Test: fastboot flash on user build
Change-Id: I1abeeaa3109e08755a1ba44623a46b12d9bfdedc
This reverts commit 231c04b2b9.
Now that b/186727553 is fixed, it should be safe to revert this revert.
Test: build
Bug: 184381659
Change-Id: If26ba23df19e9854a121bbcf10a027c738006515
This reverts commit e95e0ec0a5.
Now that b/186727553 is fixed, it should be safe to revert this revert.
Test: build
Bug: 184381659
Change-Id: Ibea3882296db880f5cafe4f9efa36d79a183c8a1
This is needed to debug hangs in keystore2.
Restricted to debuggable builds for now.
Bug: 186879912
Test: 'adb bugreport', then find the stack traces for keystore2 in the
"VM TRACES JUST NOW" section of the main bugreport file.
Change-Id: I4434cab7e79cb4aae8bbb2e3a8abff02e0073c13
Fixes the following denials:
avc: denied { getattr } for path="/dev/dma_heap/system" dev="tmpfs"
ino=534 scontext=u:r:mediatranscoding:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=0
Bug: 185867872
Test: No more DMA-BUF heap related denials from
CtsMediaTranscodingTestCases
Change-Id: I45b57b45e0db996f08b82618dcd085ba0f7e6ef6
Once b/186727553 is fixed, booting GSI on cuttlefish will no longer load
cuttlefish's system_ext sepolicy. These domains are all private and
hence the permissions are being added to system/sepolicy to avoid
making them public(especially mediatranscoding that was changed from
public to private in Android S).
Test: build, boot
Change-Id: I4a78030015fff147545bb627c9e62afbd0daa9d7
This will make debugging of keystore issues in dogfood populations much
easier than it previously was, as developers will have detailed crash
dump reporting on any issues that do occur.
Bug: 186868271
Bug: 184006658
Test: crash dumps appear if keystore2 explodes
Change-Id: Ifb36cbf96eb063c9290905178b2fdc5934050b99
Extend existing restrictions targeting only apps with API level >= 30 to
all apps.
To be merged when automerge to sc-dev ends.
Bug: 170188668
Test: atest bionic-unit-tests-static
Test: atest NetworkInterfaceTest
Test: Connect to Wi-Fi network
Test: atest CtsSelinuxTargetSdk27TestCases
Test: atest CtsSelinuxTargetSdk28TestCases
Test: atest CtsSelinuxTargetSdk29TestCases
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Change-Id: Ibd6b9f1e23f12320f3bec782cdd7a6837013597a
