While testing aconfig storage file read by a demo app, we discovered
the need to do metadata_file:dir search in logcat log.
Bug: b/312459182
Test: demo app start
Change-Id: I0872ff192280228cc2270ae4a04755bc5cfbd9cc
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.
Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
(cherry picked from https://android-review.googlesource.com/q/commit:c5cb5a248d1cda1557f19f98c92ffda96d44d31a)
Merged-In: Id015429b48ffffb73e7a71addddd48a22e4740bf
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
Allow camera server to switch the scheduling policy
for certain time critical threads.
Bug: 323292530
Test: Manual using camera application,
Camera CTS
Change-Id: Ib665009c095efc21f65b1d8b3ddd9c2528c1c794
Just allowing the aconfig_storage_metadata_file:file read permission is not
enough to read the pb file; we also need the
aconfig_storage_metadata_file:dir search permission.
Bug: b/312459182
Test: audit2allow after having demo app access the file
Change-Id: I1790ea84a56e83f43313af82378f245e2bb6597e
For aconfigd test, for atest to work, the shell domain needs to be able
to connect to aconfigd_socket. In addition, aconfigd needs to be able to
access the test storage files as shell_data_file. All these policies are
only needed for userdebug_or_eng build.
Bug: 312459182
Test: m, launch avd, atest, then audit2allow, no avc denials found
Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c
LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.
Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.
Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.
Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
This will allow odrefresh to move files from staging dir to output dir
instead of copying.
Test: -
1. Patch https://r.android.com/2991838
2. atest odsign_e2e_tests_full
Change-Id: I8fec4db3ff720f84a58e41439089ea55e53301b4
Found when making the tests for permissive MTE, which are part of the
CTS test suite because I really, really don't want to fork hundreds of
lines of Java glue. But, CTS tests aren't supposed to only run on rooted
devices (even though there are examples of this in the tree already).
I think either way, ideologically, we should allow non-root users to
enable permissive MTE. This would be useful for a person who wants to
dogfood MTE with all apps on, but use a retail build. I can think of at
least a few researchers that would probably find this useful.
Bug: 328793166
Test: adb unroot && adb shell setprop persist.sys.mte.permissive 1
Change-Id: Ie905e23c9600986cb436e1cc7490e28678710696
We have CAP_CHOWN but we can't use it
to custom configure directory uid/gid.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I41bdab8d5b7b4cfc5cdc568909c9c6b9947e2bca
The report_off_body permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2.
That API is being removed because it is unused
(https://r.android.com/2974277). Therefore, stop granting the
report_off_body permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
However, document the access vectors that are known to be unused.
Bug: 289849354
Test: atest CtsKeystoreTestCases
Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
(so we can check if we need to change it)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I229a772ec6ecebcd8826730af568980f578842ee
am skip reason: Merged-In I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87 with SHA-1 6c689e8438 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3001629
Change-Id: If2550fe882cdba3c808129ac65f8fda85ff4a850
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Another patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is set up. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.
Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
Unfortunately 202404 sepolicy changed a little after vendor API freeze.
Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
There's no way to currently define a new domain with map_read/write
access.
That's clearly desirable for example for vendor use of xt_bpf programs.
I believe that also holds true for prog_load which is checked
at attachment, and will be needed in the future to support things
like vendor tracepoint attachment.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6125f3de2f8a8dde0891ddabedfafe35f521e681
Add policy to control ro.lmk.use_psi property for lmkd.
Test: m
Bug: 328681151
Change-Id: Ie30d1c62a7f0594961667b3e2d2064be89e91506
Signed-off-by: Carlos Galo <carlosgalo@google.com>
This reverts commit a6a3726ed2.
Reason for revert: Breaks an internal build (see b/329217616)
Bug: 329217616
Bug: 296875906
Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa