We have moved the encryption policy assignment from vold to
vold_prepare_subdirs. This CL removes some permissions from vold
over storage areas that are no longer needed due to this change,
and adds some permissions to vold_prepare_subdirs.
Bug: 325129836
Test: atest StorageAreaTest
Change-Id: Ief2a8021ed3524018d001e20eae60f712f485d81
Some old devices use debugfs for /sys/kernel/debug.
Bug: 311377497
Change-Id: Ib9958b5cfdd85c37acd27ff6e637efdbd2a068e3
Test: adb shell pm art pr-dexopt-job --test
before removing a session directory. Hence, it needs more permissions on
staging_data_file.
Bug: 343165326
Test: atest CtsStagedInstallHostTestCases:com.android.tests.stagedinstall.host.StagedInstallTest#testRebootlessUpdate_unsignedPayload_fails
Change-Id: Ic94c74d4ef896129491cee39098f43f33793851f
This is to make sure that no process is accessing files in chroot when
we teardown chroot.
Bug: 311377497
Test: Set a very short timeout for `ensureNoProcessInDir` and run
Pre-reboot Dexopt.
Change-Id: I5c60497c73a9d56068e47840ffd4a0f0a550c250
treble_sepolicy_tests gets very confused by parentheses in comments.
Fix the search for the opening parenthesis of a statement to skip
comments.
And then update a comment that was intended to use parentheses to
actually do so. (Without the parser change, this fails horribly.)
Test: Build
Change-Id: I1e36136e97dd9b8190add29b7f2155a08ea87d80
Older vendor policy may apply the label vendor_hidraw_device to the
HID device.
From Android V we use the new label hidraw_device for this.
Fix the compatibility rules to allow new system policy to work with
older vendor policy:
- Add vendor_hidraw_device for devices that don't have it (duplicate
definitions are ignored when we compile CIL).
- Add compatibility mapping so that rules for hidraw_device also
apply to vendor_hidraw_device on devices with older vendor.
Bug: 340923653
Test: Builds, boots, no new denials
Change-Id: I3ffc44be2c98be137303263f569515103c4996b8
system_ext, product, and vendor keystore2_key_contexts are not installed
correctly, due to missing REQUIRED dependencies and typo.
Bug: 338684892
Test: build and check each partition
Change-Id: Ic18bf05609d27c322375baf6b72f5e2c75c1bfa0
The dynamic linker needs to read this node to determine how it should
load ELF files. See page_size_migration_supported() [1]
Allow the node to be enabled/disabled by init.
[1] 3d5e32517b:bionic/linker/linker_phdr.cpp;l=709-721
Bug: 342520142
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: no avc deined in logcat
Change-Id: I91381e36943ea0387ff245e924ddab53a4928a05
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Currently vendors need to write dex2oat property from power HAL for
performance but vendors should workaround it with init rc scripts. This
allows power HAL to write such properties directly, without workaround.
Bug: 163539793
Test: boot
Change-Id: I1812c577cb11d24d924d32cdab40594c0eb72d52
This allows init to conditionally execute some init.rc commands
based on the filesystem type of /data partition . For example,
we may wish to do some initialization work for 16KB mode only
if /data is ext4.
Test: boot, check ro.fstype.data, re-format /data and check again
Bug: 341216848
Change-Id: I97d5b3a2fa560476b106f39d56aa9df55cd539f4
