The convention for native properties is to use _native suffix.
Bug: 123524494
Bug: 120794191
Test: set a property and ensure it can be read in AndroidRuntime.cpp
Change-Id: I69feab9be78f24d812b8f953d3ec06a5d8d18f15
Bug: 120794191
Bug: 123524494
Test: set a property and ensure it can be read in AndroidRuntime.cpp
Change-Id: Ib37102f35e9987d3d9baff83c45571a5d632ad50
Whitelist the persistent system properties that will be used as
flags in activity manager experiments.
Bug: 120794810
Test: m, flash, test getting flag value in ActivityManagerService.java
Change-Id: I90a10bc87d6db3a64347b62fd02e6f0b12ac9fa8
For input experiments that are enabled at boot time, allow system_server
to read and write the device config flags.
Bug: 120794829
Test: presubmit
Change-Id: I0f075a7579c593d4e07c3e31be529e34554068a6
The testharness service will manage Test Harness Mode and provide a
command-line interface for users to enable Test Harness Mode; however it
does not directly provide a public API.
Bug: 80137798
Test: make
Test: flash crosshatch
Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e
For experiment flag testing, we add a flag netd and have
SEPolicy updates.
Test: add sepolicy, m -j, check GetServerConfigurableFlag function in netd
Bug:122050512
Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3
This is analoguous to what Perfetto does with persist.traced.enable.
Test: m
Test: flash walleye
Test: setprop persist.heapprofd.enable 1
setprop persist.heapprofd.enable 0
Change-Id: I997272ef8c6fe078aca2388ed0cf2ecc3de612a5
This is world-readable so it can be checked in libc's process init.
Test: m
Test: flash sailfish
Bug: 117821125
Change-Id: Iac7317ceb75b5ad9cfb9adabdf16929263fa8a9d
I added ro.bionic.(2nd_)?_(arch|cpu_variant) to vendor system
properties. And have init to write them to files under dev/.
This change set SELinux rules for these properties and files.
For the system properties: vendor/default.prop will set them. init will
read them.
For the files /dev/cpu_variant:.*: init will write them. bionic libc
will read them. (Basically world readable).
This is to allow libc select the right optimized routine at runtime.
Like memcpy / strcmp etc.
Test: getprop to make sure the properties are set.
Test: ls -laZ to make sure /dev/cpu_variant:.* are correctly labeled.
Change-Id: I41662493dce30eae6d41bf0985709045c44247d3
device_config_flags_health_check_prop is used for enabling/disabling
program flags_health_check which is executed during device booting.
"1" means enabling health check actions in flags_health_check, other
values mean flags_health_check will not perform any action.
Test: build succeeded & manual test
Change-Id: I93739dc5d155e057d72d08fd13097eb63c1193b5
A sysprop apexd.status is set by apexd, to that other components (i.e.
init) can determine whether APEXs are all successfully mounted or no
(i.e., being mounted).
The sysprop is only writable by apexd.
Bug: 117403679
Test: adb shell getprop apexd.status returns 'ready'.
Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25
llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.
Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126
Allow lmkd write access to sys.lmk. properties to be able to set
sys.lmk.minfree_levels.
Bug: 111521182
Test: getprop sys.lmk.minfree_levels returns value set by lmkd
Change-Id: I86ff11d75917966857d3a76876a56799bb92a5ad
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This change makes it such that only init can start adbd directly. It
also introduces new rules for ctl.{start,stop,restart} properties such
that only usbd and recovery (and su, since it's permissive) can directly
ask init to start adbd.
Bug: 64720460
Test: adbd still runs
Test: /data/nativetest64/adbd_test/adbd_test
Test: python system/core/adb/test_adb.py
Test: "USB debugging" in System Settings still start/stop adbd
Test: Recovery menu still make the device show as "recovery" in adb
devices
Test: "Apply update from ADB" in recovery menu still works
Change-Id: Iafcda8aa44e85129afcc958036b472d856fa1192
This property is read by the audio service in system server to toggle
camera shutter sound enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
This adds a label for system properties that will affect system-wide
time / time detection logic.
The first example will be something like:
persist.time.detection_impl_version
Bug: 78217059
Test: build
Change-Id: I46044f1e28170760001da9acf2496a1e3037e48a
The attribute is used to capture system properties added from outside of
AOSP (e.g. by OEM), but are not device-specific and thus are used only
inside the system partition.
Access to the the system properties from outside of the system partition
is prevented by the neverallow rule.
Bug: 80382020
Bug: 78598545
Test: m -j selinux_policy
Merged-In: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
Change-Id: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
(cherry picked from commit c0f8f2f82a)
System properties can be abused to get around Treble requirements of
having a clean system/vendor split. This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.
Bug: 78598545
Test: build 2017 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677
(cherry picked from commit cdb1624c27)
We are not forbidding system_writes_vendor_properties_violators in P,
i.e. this neverallow rule is not strictly enforced.
Bug: 80466516
Bug: 78598545
Test: build policy
Change-Id: Iaf0ebbd2b27adf8c48082caa874e53f32bf999fc
The attribute is used to capture system properties added from outside of
AOSP (e.g. by OEM), but are not device-specific and thus are used only
inside the system partition.
Access to the the system properties from outside of the system partition
is prevented by the neverallow rule.
Bug: 80382020
Bug: 78598545
Test: m -j selinux_policy
Change-Id: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
Using hal_foo attributes in neverallow rules does not work because
they are auto-expanded to types. Use hal_foo_server types instead.
Fixes the following error:
unit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule: neverallow
{ domain -coredomain -bluetooth -hal_bluetooth } { bluetooth_prop }:
property_service set; Warning! Type or attribute hal_bluetooth used
in neverallow undefined in policy being checked.
Test: CtsSecurityHostTestCases
Bug: 80153368
Change-Id: I2baf9f66d2ff110a4f181423790a1160a6e138da
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.
This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it. This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.
Bug: 78511553
Test: see appropriate successes and failures based on permissions
Merged-In: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
(cherry picked from commit 2208f96e9e)
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.
This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it. This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.
Bug: 78511553
Test: see appropriate successes and failures based on permissions
Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
System properties can be abused to get around Treble requirements of
having a clean system/vendor split. This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.
Bug: 78598545
Test: build 2017/2018 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"
W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)
Had to use precise property definition as com.android.phone accesses
test properties as well.
Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"
W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)
Had to use precise property definition as com.android.phone accesses
test properties as well.
Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"
W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)
Test: compile
Bug: 78245377
Change-Id: Id21436d281bab27823969a9f7e92318d70b5a2d6
This is to fix the CTS failures given by the bugs below where devices
where traced is not enabled by default causes test failures.
(cherry picked from commit 673b4db777)
Bug: 78215159
Bug: 78347829
Change-Id: Ib0f6a1cdb770528dbbeb857368534ff5040e464e
This is to fix the CTS failures given by the bugs below where devices
where traced is not enabled by default causes test failures.
Bug: 78215159
Bug: 78347829
Change-Id: Ib0f6a1cdb770528dbbeb857368534ff5040e464e
And this CL will remove unnecessary vendor-init exceptions for nfc_prop
and radio_prop as well.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: I468b8fd907c6408f51419cfb58eb2b8da29118ae
Merged-In: I468b8fd907c6408f51419cfb58eb2b8da29118ae
(cherry picked from commit 41e42d63fe)
And this CL will remove unnecessary vendor-init exceptions for nfc_prop
and radio_prop as well.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: I468b8fd907c6408f51419cfb58eb2b8da29118ae
Values of the following properties are set by SoC vendors on some
devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status
So they should be whitelisted for compatibility.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
Merged-In: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
(cherry picked from commit 224921d18a)
