We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.
Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
(ag/23125728)
Bug: 281850017
Ignore-AOSP-First: Will cherry-pick to AOSP later
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
Needed when using com.android.tethering.inprocess with
flattened APEX.
Bug: 273821347
Test: trybot
Change-Id: Iae6d9547922575398c634433dc07b2e46fbffd8e
The library (libcom.android.tethering.connectivity_native.so) in the
apex is a part of LLNDK. So it should be properly labelled so that
vendor can access it.
Bug: n/a
Test: m com.android.tethering
Test: adb shell -lZ /apex/com.android.tethering/lib64
Change-Id: I6c949c992042f4a38f25ca6f4243d31e81354467
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.
Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.
The virtualizationservice domain remains responsible for:
* allocating CIDs (access to props)
* creating temporary VM directories (virtualization_data_file, chown)
* receiving tombstones from VMs
* pushing atoms to statsd
* removing memlock rlimit from virtmgr
The new virtualizationmanager domain becomes responsible for:
* executing crosvm
* creating vsock connections, handling callbacks
* preparing APEXes
* pushing ramdumps to tombstoned
* collecting stats for telemetry atoms
The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.
Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.
Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
Start a new security domain for virtmgr - a child proces of an app that
manages its virtual machines.
Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.
Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.
Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
Replicate change
https://android-review.googlesource.com/c/1663786/2/apex/com.android.art-file_contexts
in `apex/com.android.art.debug-file_contexts`.
Test: Patch this commit into a tree that uses `artd` (only internal
ones at the moment) and run the following command on a device
running the Debug ART APEX:
adb shell pm art \
get-optimization-status com.google.android.youtube
Change-Id: If0b10b585778e8b585e76b2a4512a2f23facd22e
- Adapt installd rules for app compilation.
- Add profman rules for checking the profile before compilation. This is new behavior compared to installd.
Bug: 229268202
Test: -
1. adb shell pm art optimize-package -m speed-profile -f \
com.google.android.youtube
2. See no SELinux denial.
Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc
Also, rename the file_contexts file to match the new BT stack apex name
(com.android.bluetooth)
Test: TH
Bug: 236187653
Bug: 236192423
Ignore-AOSP-First: LSC
Change-Id: Ie610775d397d0a81f83e251ed3b5f73006bfd272
Will not need this in near future.
Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Merged-In: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Ignore-AOSP-First: cherry-picked from AOSP
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.
Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.
Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1