Added a new flag to specify the IWLAN operation mode. Also
allowed this system properties for vendor native service to
access.
Test: Manual
Bug: 73659459
Change-Id: I23197e451557fae36a0cc5da4b50b3a00f9233dc
Historically, vendor-init-actionable was created since the various
property_contexts files were not yet available when init parses its
scripts. Since then, the property_contexts files are now always
available when init parses its scripts, so we can collapse these two
categories.
Specifically, this change ensures that all of the properties in the
previous 'stable_properties.h' file in init, which contained the
vendor-init-actionable properties, are able to be read by init
according to SEPolicy.
Bug: 71814576
Test: vendor_init fails to use non-readable properties as a trigger
Test: vendor_init successfully uses readable properties as a trigger
Change-Id: Ic6d9919b6047f3076a1a19fc26295c6a77aca627
1. "Add sepolicy labeling of wifi.concurrent.interface" in property_contexts.
wlan1 interface is added first in Pie OS. And wlan1 interface has getIfaceName
by property_get in wifi_chip.cpp.
(/hardware/interface/wifi/1.2/default/wifi_chip.cpp)
But, there is no sepolicy about this interface. wlan0 and p2p0 is definitely specified.
So, if we try to use wlan1, native sepolicy violation occurs.
This is why this labeling is necessary.
2. wlan1: Property labeling same with wlan0 or p2p0.
wifi.interface u:object_r:exported_default_prop:s0 exact string
Test: Basic Sanity - Verified tethering by using wlan1
Bug: 117302656
Change-Id: I24194bca7176e1927164228e6571870531a9bc56
Signed-off-by: Jinhee Jo <jinhee0207.jo@lge.com>
This property is GMS-specific. It should be set from either /system or /product.
After this change ro.com.google.clientidbase will have default_prop type and
will only be settable from an .rc file.
This property now must be set from system or product images. In case of a
system-only OTA, the old vendor.img might attempt set this property. This will
trigger a denial which is innocuous since the new system.img will correctly set
the property.
Bug: 117348096
Test: walleye can still set ro.com.google.clientidbase
Change-Id: Id0873baecacb4168415b1598c35af1ecbb411e17
These values will be read by platform module (/sbin/charger), and need
to be configurable by vendor init.
Bug: 113567255
Test: Build along with other CLs in the topic (for Makefile and
libminui changes). Boot into charger mode.
Test: Boot into recovery. Run graphics test.
Change-Id: I5b272f345e2a5a255c2f660c59c1da3245aa1e03
Whitelisting some more properties that are to be set by vendor-init
but are not vendor specific.
Test: After whitelisting, these properties are now correctly
set on Go devices by vendor-init, in selinux "enforcing" mode.
BUG: 111738816
Change-Id: I3fcc09719fc9e77919a1a9f99453037ca15f25a7
Certain pm.* properties, which are especially needed for
Go-targets, are not listed in property_contexts.
Init will not be able to set these properties on bootup
without the correct selinux contexts assigned to the
properties.
BUG: 111738816
Test: In selinux-enforcing mode, on bootup, these
properties are now correctly set by init.
Change-Id: I6ea0fb229c93725e2987b1e021d5804a132d093d
"ro.telephony.default_network" can define as comma-separated Sting per
slot for multi SIM device. However, it cannot be read correctly due to
it defined as Int in property_contexts file.
Bug: 110626665
Test: manual - Checked the ro.telephony.default_network can be read per
slot for multi SIM device.
Change-Id: I900620e46c819c14bf339751f00a1db1473fd45f
This property is read by the audio service in system server to toggle
camera shutter sound enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.
Bug: 91735839
Test: add an odm manifest for SE conditional on
a system property (ro.boot.product.hardware.sku)
and make sure it is read into the manifest (using
the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1 0/2 881 2262 567
Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
Merged-In: I94a2928943be6a17416b8bbd78106809c0c21198
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.
Bug: 91735839
Test: add an odm manifest for SE conditional on
a system property (ro.boot.product.hardware.sku)
and make sure it is read into the manifest (using
the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1 0/2 881 2262 567
Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
This allows Android Keystore to statically register support for 3DES
during zygote initialization based on the device's support for hardware
backed 3DES keys.
Bug: b/79986680
Test: keystore CTS
Change-Id: Ic9a6653cdd623a3ab10e0efbcdb37c437e6c59b9
The property is set on builds which profile the boot image.
Test: m
Bug: 73313191
(cherry-pick form commit d99f4acf2d)
Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Bug: 71430241
Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye
Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165
The following properties will be whitelisted.
- ro.hdmi.device_type, ro.hdmi.wake_on_hotplug and
persist.sys.hdmi.keep_awake for hdmi
- ro.sf.disable_triple_buffer for SurfaceFlinger
- media.stagefright.cache-params and persist.sys.media.avsync for
nuplayer
Bug: 78205669
Bug: 78430613
Test: succeeded building
Change-Id: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07
Merged-In: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07
(cherry picked from commit 18aaaad937)
The following properties will be whitelisted.
- ro.hdmi.device_type, ro.hdmi.wake_on_hotplug and
persist.sys.hdmi.keep_awake for hdmi
- ro.sf.disable_triple_buffer for SurfaceFlinger
- media.stagefright.cache-params and persist.sys.media.avsync for
nuplayer
Bug: 78205669
Bug: 78430613
Test: succeeded building
Change-Id: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07
Values of the following properties are set by SoC vendors on some
devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status
So they should be whitelisted for compatibility.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
Merged-In: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
(cherry picked from commit 224921d18a)
Values of the following properties are set by SoC vendors on some
devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status
So they should be whitelisted for compatibility.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
