Changed the system properties to enum. The valid modes
are "default", "legacy", and "AP-assisted".
Test: Manual
Bug: 126218288
Change-Id: Ib70ed8606e845ca29453013a400b377647e15490
Third parameter of a property_context entry should be "exact" if the
entry is for a single property, not a prefix.
And the type of each entry should be the fourth parameter.
Bug: 112386364
Test: m -j
Change-Id: I2ed31c9fd7c7424e3a6a51d44b4e85413ae316b7
Moved the system properties from exported3_default
to exported_radio so that the service from vendor
partition can access that.
Test: Manual
Bug: 126218288
Change-Id: I055c1c26d1e25f5d12f2593b96eecf57be62d871
The system property is for system to be able to identify vendor
implementation that is ready to support updatable APEXes. When this
sysprop is set to true, the init creates separate mount namespaces for
processes launched before apexd. When unset, default is false.
Bug: 122428178
Test: device boots to the UI
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ae1eac5eec5f5085d8d32ff58300dfa9967c29a
The ro.surface_flinger.display_primary* properties are added to
property_contexts. Because these properties are located in vendor
partition, but surfaceflinger service which use these properties
is in the system partition.
Bug: 124531214
Test: m -j && boot test
Change-Id: If90c4bc75796d8966bbf3ee2e3bab39145395800
To enable devices to stay in a color mode all the time, add a persistent
property as part of per device configuration.
BUG: 124129486
Test: Build, flash and boot. Verify with internal patch
Change-Id: I45ce25e4f1317911e70a4276df6adc39e7455fed
Will be used to forcefully turn on memfd if device supports it.
Currently used only for debugging.
Change-Id: I46a1b7169677ea552d4b092e7501da587c42ba1a
Signed-off-by: Joel Fernandes <joelaf@google.com>
The ro.surface_flinger.* properties are added to property_contexts.
Because these properties are located in vendor partition, but
surfaceflinger service which use these properties is in the system
partition.
Bug: 112386364
Test: m -j & boot test
Change-Id: I98d71d4c03297a2a3fe92ba17bfdcb428f763753
The testharness service will manage Test Harness Mode and provide a
command-line interface for users to enable Test Harness Mode; however it
does not directly provide a public API.
Bug: 80137798
Test: make
Test: flash crosshatch
Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e
Create the system property ro.gfx.angle.supported that indicates if the
device supports ANGLE. The current planned use of this property is to
allow CTS to validate ANGLE functionality if the device indicates ANGLE
is supported.
Bug: 80239516
Test: Flash the build and verify the property is 'false' for marlin.
Test: Flash the build and verify the property is 'true' for walleye.
Change-Id: I00387db9ade34152f79d75453ea17d5ea7b063cd
I added ro.bionic.(2nd_)?_(arch|cpu_variant) to vendor system
properties. And have init to write them to files under dev/.
This change set SELinux rules for these properties and files.
For the system properties: vendor/default.prop will set them. init will
read them.
For the files /dev/cpu_variant:.*: init will write them. bionic libc
will read them. (Basically world readable).
This is to allow libc select the right optimized routine at runtime.
Like memcpy / strcmp etc.
Test: getprop to make sure the properties are set.
Test: ls -laZ to make sure /dev/cpu_variant:.* are correctly labeled.
Change-Id: I41662493dce30eae6d41bf0985709045c44247d3
This is useful to test how it would behave on devices with user builds.
Bug: 117980186
Test: adb shell setprop dumpstate.unroot true && \
adb shell cmd activity bug-report --progress
Change-Id: If9094bbe0c29e8180f1b35d2b4ac95343a1bd0eb
A sysprop apexd.status is set by apexd, to that other components (i.e.
init) can determine whether APEXs are all successfully mounted or no
(i.e., being mounted).
The sysprop is only writable by apexd.
Bug: 117403679
Test: adb shell getprop apexd.status returns 'ready'.
Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25
Vendor need to hook bugreport propery as well as dumpstatez.
This CL exports it.
Test: Confirmed verndor can get property trigger hook manually
Bug: 118718191
Change-Id: I64a0e38716fb863ccd8923c6c41a776ea341f2d1
Signed-off-by: Minchan Kim <minchan@google.com>
Added a new flag to specify the IWLAN operation mode. Also
allowed this system properties for vendor native service to
access.
Test: Manual
Bug: 73659459
Change-Id: I23197e451557fae36a0cc5da4b50b3a00f9233dc
Historically, vendor-init-actionable was created since the various
property_contexts files were not yet available when init parses its
scripts. Since then, the property_contexts files are now always
available when init parses its scripts, so we can collapse these two
categories.
Specifically, this change ensures that all of the properties in the
previous 'stable_properties.h' file in init, which contained the
vendor-init-actionable properties, are able to be read by init
according to SEPolicy.
Bug: 71814576
Test: vendor_init fails to use non-readable properties as a trigger
Test: vendor_init successfully uses readable properties as a trigger
Change-Id: Ic6d9919b6047f3076a1a19fc26295c6a77aca627
1. "Add sepolicy labeling of wifi.concurrent.interface" in property_contexts.
wlan1 interface is added first in Pie OS. And wlan1 interface has getIfaceName
by property_get in wifi_chip.cpp.
(/hardware/interface/wifi/1.2/default/wifi_chip.cpp)
But, there is no sepolicy about this interface. wlan0 and p2p0 is definitely specified.
So, if we try to use wlan1, native sepolicy violation occurs.
This is why this labeling is necessary.
2. wlan1: Property labeling same with wlan0 or p2p0.
wifi.interface u:object_r:exported_default_prop:s0 exact string
Test: Basic Sanity - Verified tethering by using wlan1
Bug: 117302656
Change-Id: I24194bca7176e1927164228e6571870531a9bc56
Signed-off-by: Jinhee Jo <jinhee0207.jo@lge.com>
This property is GMS-specific. It should be set from either /system or /product.
After this change ro.com.google.clientidbase will have default_prop type and
will only be settable from an .rc file.
This property now must be set from system or product images. In case of a
system-only OTA, the old vendor.img might attempt set this property. This will
trigger a denial which is innocuous since the new system.img will correctly set
the property.
Bug: 117348096
Test: walleye can still set ro.com.google.clientidbase
Change-Id: Id0873baecacb4168415b1598c35af1ecbb411e17
These values will be read by platform module (/sbin/charger), and need
to be configurable by vendor init.
Bug: 113567255
Test: Build along with other CLs in the topic (for Makefile and
libminui changes). Boot into charger mode.
Test: Boot into recovery. Run graphics test.
Change-Id: I5b272f345e2a5a255c2f660c59c1da3245aa1e03
Whitelisting some more properties that are to be set by vendor-init
but are not vendor specific.
Test: After whitelisting, these properties are now correctly
set on Go devices by vendor-init, in selinux "enforcing" mode.
BUG: 111738816
Change-Id: I3fcc09719fc9e77919a1a9f99453037ca15f25a7
Certain pm.* properties, which are especially needed for
Go-targets, are not listed in property_contexts.
Init will not be able to set these properties on bootup
without the correct selinux contexts assigned to the
properties.
BUG: 111738816
Test: In selinux-enforcing mode, on bootup, these
properties are now correctly set by init.
Change-Id: I6ea0fb229c93725e2987b1e021d5804a132d093d
"ro.telephony.default_network" can define as comma-separated Sting per
slot for multi SIM device. However, it cannot be read correctly due to
it defined as Int in property_contexts file.
Bug: 110626665
Test: manual - Checked the ro.telephony.default_network can be read per
slot for multi SIM device.
Change-Id: I900620e46c819c14bf339751f00a1db1473fd45f
This property is read by the audio service in system server to toggle
camera shutter sound enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.
Bug: 91735839
Test: add an odm manifest for SE conditional on
a system property (ro.boot.product.hardware.sku)
and make sure it is read into the manifest (using
the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1 0/2 881 2262 567
Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
Merged-In: I94a2928943be6a17416b8bbd78106809c0c21198
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.
Bug: 91735839
Test: add an odm manifest for SE conditional on
a system property (ro.boot.product.hardware.sku)
and make sure it is read into the manifest (using
the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1 0/2 881 2262 567
Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
This allows Android Keystore to statically register support for 3DES
during zygote initialization based on the device's support for hardware
backed 3DES keys.
Bug: b/79986680
Test: keystore CTS
Change-Id: Ic9a6653cdd623a3ab10e0efbcdb37c437e6c59b9
The property is set on builds which profile the boot image.
Test: m
Bug: 73313191
(cherry-pick form commit d99f4acf2d)
Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Bug: 71430241
Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye
Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165
