Keystore access was reverted a while ago in ag/10598373.
Bug: 112038744
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Test: atest GtsPlayFsiTestCases GtsPlayFsiHostTestCases ApkVerityTest
Change-Id: Ic170624f5a718806adf54ab12e8f4b9f17c7775b
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:
/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}
Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Merged-In: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Test: manually make sure that boot animation is resizing
when display is changed
Bug: 156448328
Merged-In: I9f754900a0b32551f656ce2097a3a41245b02218
Change-Id: I9f754900a0b32551f656ce2097a3a41245b02218
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
Merged-In: I66ac106613cbb374f54659601e4ba3f61eaecd2f
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 152544169
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I409aeccd31293bf0ae3be5b1dbafe5a74daaaa9d
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.
avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
Configures SELinux to allow ActivityManagerService to start a cacheinfo
service that is responsible for dumping per-process cache state.
Bug: 153661880
Test: adb shell dumpsys cacheinfo
Test: adb bugreport
Change-Id: Id6a4bdf2a9cb6d7f076b08706e0f91d377f38603
Cherry picked from commit 996059 (rvc-dev-plus-aosp), which is
auto merged from aosp/1290960 (master).
In addition, 'prebuilts/api/30.0/public/hal_audio.te' is updated to
be consistent with 'public/hal_audio.te'.
Bug: 155306710
Test: tested with the following rules in 'vendor/hal_audio_default.te'
Test: type hal_audio_socket, domain;
Test: typeattribute hal_audio_default hal_automotive_socket_exemption;
Test: allow hal_audio_default hal_audio_socket:tcp_socket connect;
Test: m -j should compile sepolicy without complaints
Change-Id: I0b8a5f9c9d826680223dbb9204862ea46c557856
(cherry picked from commit 9960590f8d)
Steps taken to produce the mapping files:
1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.
Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.
Following types are removed.
boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop
Following type is renamed.
wificond_service -> wifinl80211_service
Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
Lmkd should implement reinit functionality and to do so it needs to
communicate with its running instance using socket.
Bug: 155149944
Test: lmkd --reinit
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merged-In: I81455fe187830081d88f001b4588f7607b1bd1d0
Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Change-Id: I4a8d179e7e71f74d0c7ad34767de1f619f134d20
This is needed for libmodprobe to pass module options on the kernel
commandline to kernel modules when they are loaded.
Bug: 155422904
Change-Id: I9df7e211765268815bfb9269365264f5ca468712
Merged-In: I9df7e211765268815bfb9269365264f5ca468712
