System suspend service is not a HAL, so avoid using HAL-specific macros
and attributes.
Use system_suspend_server attribute for ISystemSuspend.hal permissions.
Use system_suspend type directly for internal .aidl interface
permissions.
Bug: 126259100
Test: m selinux_policy
Test: blueline boots; wakelocks can still be acquired; device suspends
if left alone.
Change-Id: Ie811e7da46023705c93ff4d76d15709a56706714
In preparation for additions that should be private-only, move
the neverallows to domain's private part.
Bug: 125474642
Test: m
Change-Id: I7def500221701500956fc0b6948afc58aba5234e
The ro.surface_flinger.display_primary* properties are added to
property_contexts. Because these properties are located in vendor
partition, but surfaceflinger service which use these properties
is in the system partition.
Bug: 124531214
Test: m -j && boot test
Change-Id: If90c4bc75796d8966bbf3ee2e3bab39145395800
Needed for the bionic stdlib.getloadavg test.
Access to /proc/loadavg was inadvertantly removed when a new label was
assigned to that file in system/sepolicy commit
8c2323d3f9.
Addresses the following denial:
CtsBionicTestCa: type=1400 audit(0.0:188192): avc: denied { read } for name="loadavg" dev="proc" ino=4026531959 scontext=u:r:shell:s0 tcontext=u:object_r:proc_loadavg:s0 tclass=file permissive=0
Bug: 124024827
Test: compiles
Change-Id: Iadb5c98cb96f69ddc9418a64720370adae1bb51f
On legacy devices system_<other> partition is blocked from
becoming the backing store under certain circumstances.
Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I1803f072ca21bc116554eee1d01a1dbd2c9ed0c9
VtsHalBootV1_0Target test cases fail on a platform when executing boot control operation.
The cases fail because of hal_bootctl has no sys_rawio permission to do storage IOCTL to
switch boot slot.
Bug: 118011561
Test: VtsHalBootV1_0Target can pass
Change-Id: Idbbb9ea8b76fe62b2d4b71356cef7a07ad4de890
To enable devices to stay in a color mode all the time, add a persistent
property as part of per device configuration.
BUG: 124129486
Test: Build, flash and boot. Verify with internal patch
Change-Id: I45ce25e4f1317911e70a4276df6adc39e7455fed
Allow all the app process with GUI to send GPU health metrics stats to
GpuService during the GraphicsEnvironment setup stage for the process.
Bug: 123529932
Test: Build, flash and boot. No selinux denials.
Change-Id: Ic7687dac3c8a3ea43fa744a6ae8a45716951c4df
This lets update_verifier call supportsCheckpoint to defer marking the
boot as successful when we may end up failing before we would commit
the checkpoint. In this case, we will mark the boot as successful just
before committing the checkpoint.
Test: Check that marking the boot as succesful was deferred in
update_verifier, and done later on.
Change-Id: I9b4f3dd607ff5301860e78f4604b600b4ee416b7
