Adds a context for telephony related cache properties and changes
the bluetooth and system_server properties to match off of prefix
instead of exact string matches.
Test: Flashed phone with PowerManager caches enabled and verified
that the phone boots.
Change-Id: I9110192a12bb6222e49a8fb6b266d6067ef2ea92
service.adb.tls.port contains the adbd tcp port running the TLS server.
persist.sys.adb.wifi tells adbd when to enable the TLS server.
Bug: 149348431
Bug: 111434128
Test: Enable wireless debugging, check if TLS port information is
displayed in the Developer options > Wireless debuggging.
Change-Id: I5b5c5a3d064bc003f41386ede9051609fefec53e
The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60
It needs to be able to see supported filesystems to handle external
storage correctly.
Bug: 146419093
Test: no denials
Change-Id: Ie1e0313c73c02a73558d07ccb70de02bfe8c231e
This is renamed to ro.organization_owned to cover the extended
usage now that there is a new management mode for fully-managed
organization owned devices: organization-owned managed profile.
A device is considered fully-managed if there is a device owner
or an organization-owned managed profile.
Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingEnabledLogged
Change-Id: Ic3288fe343d3b51c59f08678e114fe9a81cb39a4
To let end user enable/disable the verbose vender logging,
a developer option is added into Settings app which need
directly interact with Dumpstate HAL. In the future, the
same function may be added into SystemUI, eg. as a
QuickSettings tile.
To allow both Settings app and system.ui, system_app is
the best candidate for the sepolicy change.
Bug: 148822215
Test: make && make RunSettingsRoboTests
Change-Id: Ic6ef497505719e07cc37518b78c9dc146cda2d2c
This is to fix selinux denials on incident-helper-cmd.
incident-helper-cmd is a Java program spawn from app_process. There are
currently some selinux denials because app_process tries to read boot
flags, read dalvik cache, run JIT and exec from JIT cache.
This change:
- allows incidentd to read the runtime feature flag properties. This is
a normal behavior during app_process startup
- allows incidentd to lock a few java libraries under
/apex/com.android.art. Again, this is normal when ART starts
- mutes denial of writing to and exec from dalvik cache / JIT cache
Fixes: 149011438
Test: Run $ incident 1116, and verify there's no selinux denial
Change-Id: I95a6b93e6a5510c749bebe7ecbcab9a803be0801
sys.linker property was defined to enable / disable generate linker
configuration, but the property has been removed. Remove sys.linker
property definition as it is no longer in use
Bug: 149335054
Test: m -j passed && cuttlefish worked without sepolicy error
Change-Id: Iacb2d561317d0920f93104717ce4f4bb424cc095
Merged-In: Iacb2d561317d0920f93104717ce4f4bb424cc095
In the GTS test NetStatsHostTest#testASetThreadStatsUid,
com.android.vending appears to be passing a tcp socket by file
descriptor to gmscore. This change updates the gmscore_app permissions
to allow this.
Bug: 148974132
Test: TH
Change-Id: Ia9e7869dda231329ae56c05d430631710779bf30
The label also needs to be applied in case of the new 2-level deep
app-data directories.
Bug: 149396179
Bug: 148844589
Test: atest AdoptableHostTest
Change-Id: I0f6f41df54e6f74696039b41b4a0c7e5aae1fd84
Helps with support of recovery and rollback boot reason history, by
also using /metadata/bootstat/persist.sys.boot.reason to file the
reboot reason. For now, label this file metadata_bootstat_file.
Test: manual
Bug: 129007837
Change-Id: Id1d21c404067414847bef14a0c43f70cafe1a3e2
To send statistics about snapshot merge times, snapshotctl will take
care of packing and sending all the information.
Allow snapshotctl to do so by creating an sepolicy exception.
Bug: 138817833
Test: statsd_testdrive
Change-Id: If805a522898cb6c9838779be23df6078f77d0cdc
Signed-off-by: Alessio Balsini <balsini@google.com>
so that it can change the uid/gid of pinned bpf progs and maps
Test: build, atest
Bug: 149434314
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1d873c7799e1d9fa5d4bde145e89254dabb75a01
Add a new nfc_cfg persist property for nfc features
Bug: 142626304
Test: set property and load target files.
Change-Id: I853c97e8113dbcf729cf59ad45895402b0c82b3e
Define two property_context.
1. vendor_socket_hook_prop - for ro.vendor.redirect_socket_calls. The
property set once in vendor_init context. It's evaluated at process
start time and is cannot change at runtime on a given device. The set
permission is restricted to vendor_init. The read permission is
unrestricted.
2. socket_hook_prop - for net.redirect_socket_calls.hooked. The
property can be changed by System Server at runtime. It's evaluated when
shimmed socket functions is called. The set permission is restricted to
System Server. The read permission is unrestricted.
Bug: Bug: 141611769
Test: System Server can set net.redirect_socket_calls.hooked
libnetd_client can read both properties
libnetd_client can't set both properties
Change-Id: Ic42269539923e6930cc0ee3df8ba032797212395
This reverts commit 34240604aa.
Reason for revert: Droidcop: Potential culprit for Bug149218822- verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: Iaba9f6e9125ac456a5787b1fcbb67d68c91c5f42
