(Cherry-picking)
We now only have one system service, called "incremental".
Test: builds
BUG: 150406132
Merged-In: I47643bac5711dcd4291bf4bf1cdcb853a0f51fb4
Change-Id: I6f96d3953611f34cdb52b958dfa95120ae930e35
This completely hides system internal properties (which are meant to be
used only in system) when compiling sepolicy of vendor, product, etc.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I4fc060f5973b7483c7f8502c40ef0a61f75ff088
Merged-In: I4fc060f5973b7483c7f8502c40ef0a61f75ff088
(cherry picked from commit c492c06e14)
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
Three properties are declared as vendor-init-settable:
ro.media.xml_variant.codecs
ro.media.xml_variant.codecs_performance
ro.media.xml_variant.profiles
media_codecs.xml can now be named
media_codecs${ro.media.xml_variant.codecs}.xml
media_codecs_performance.xml can now be named
media_codecs_performance${ro.media.xml_variant.codecs_performance}.xml
media_profiles_V1_0 can now be named
media_profiles${ro.media.xml_variant.profiles}.xml
Test: Rename "media_codecs.xml" to "media_codecs_test.xml",
set ro.media.xml_variant.codecs to "_test", then
call "stagefright -i".
Test: Rename "media_codecs_performance.xml" to
"media_codecs_performance_test.xml",
set ro.media.xml_variant.codecs_performance to "_test", then
run android.media.cts.VideoDecoderPerfTest.
Test: Rename "media_profiles_V1_0.xml" to "media_profiles_test.xml",
set ro.media.xml_variant.profiles to "_test", then
run vts_mediaProfiles_validate_test.
Bug: 142102953
Change-Id: I407a0a327fcc8e799bb4079b11048a497565be48
This grants default access to the new GNSS subsystem for Linux to the
GNSS HAL default implementation. The GNSS subsystem creates character
devices similar to ttys but without much unneeded complexity. The GNSS
device class is specific to location use cases.
Bug: 151670529
Change-Id: I03b27aa5bbfdf600eb830de1c8748aacb9bf4663
This property type represents properties used in CTS tests of userspace
reboot. For example, test.userspace_reboot.requested property which is
used to check that userspace reboot was successful and didn't result in
full reboot, e.g.:
* before test setprop test.userspace_reboot.requested 1
* adb reboot userspace
* wait for boot to complete
* verify that value of test.userspace_reboot.requested is still 1
Test: adb shell setprop test.userspace_reboot.requested 1
Bug: 150901232
Change-Id: I45d187f386149cec08318ea8545ab864b5810ca8
Merged-In: I45d187f386149cec08318ea8545ab864b5810ca8
(cherry picked from commit 3bd53a9cee)
Add a vendor-specified system property to allow GPU fallback composition to occur at a lower resolution than the display mode resolution. This is required on platforms like TVs which have, for example, 2k GPUs but 4k capabilities, or 4k GPUs but 8k capabilities.
Bug: 144574809
Test: Tested with sysprop disabled, and tested backport in Android Q with sysprop enabled. Unable to test on Android R due to device issues.
Change-Id: Ife63c21a6e959d16e796d57956dd7dda2f5d383e
Originally public/property_contexts was introduced to create a whitelist
of system properties which can be accessed from vendor, and to be used
from VTS to ensure that the whitelist isn't modified. But it doesn't fit
well on sepolicy public/private split as the split isn't for stability,
but for letting vendor compile their sepolicy with public types. Also it
doesn't make sense only to check the whitelist on VTS, because platform
internal ones must also be unchanged.
This commit merges public/property_contexts into private as before. This
gives consistency with other context files such as file_contexts which
are already containing entries for vendor but are only defined in
private. This also simplifies property_contexts as there will be only one
property_contexts file. Another benefit is that VTS will check all
entries defined by system, not only exported ones.
Bug: 150331497
Test: m && run VtsTrebleSysProp manually
Change-Id: Ib9429e27b645ef21a36946fbaea069a718c3c6eb
Merged-In: Ib9429e27b645ef21a36946fbaea069a718c3c6eb
(cherry picked from commit 31391fa78e)
See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.
I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.
Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.
Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0
Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
For system prop flags from DeviceConfig namespace "Configuration".
Test: Build and run on local device
Bug: 149420506
Change-Id: If4196b4bf231e7c52f98b92cc0031a08dad06120
This fixes a bug introduced in aosp/1143430 where the permission
should have been included for the newly introduced
ashmem_libcutils_device type.
Test: Build
Bug: 150193534
Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38
- This allows init to access it.
Bug: 149039306
Test: Flash and confirm that file system can run resize2fs when metadata_csum is enabled.
Change-Id: Id91d8fb6800b254b12eaf93a0e8cb019b55d2702
This change updates sepolicies for automotive display service to make it
available to the vendor processes.
Bug: 149017572
Test: m -j selinux_policy
Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b
Signed-off-by: Changyeon Jo <changyeon@google.com>
* allow shell to enable/disable the daemon via a sysprop
* don't audit signals, as some denials are expected
* exclude zygote from the profileable set of targets on debug builds.
I've not caught any crashes in practice, but believe there's a
possibility that the zygote forks while holding a non-whitelisted fd
due to the signal handler.
Change-Id: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
