A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.
Previously, these entries were labelled as system_file even for vendor
apexes.
Bug: 285075529
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
This reverts commit 3bb2411564.
Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules
Change-Id: I4a3ed3c4f00e9bee88608e7d393ded204d922ee2
Merged-In: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c
This reverts commit 92251f5d15.
Reason for revert: Remove deferred list functionality now that the shape
of ANGLE shipping form is binaries. Applications on the list are broken
with ANGLE due to the lack of YUV support, this is currently being
worked on.
Bug: 280450222
Change-Id: Ied92e6f482fe77e045139b4b0531b1db1a7ffb13
Test: atest CtsAngleIntegrationHostTestCases
no writing to vendor_file_type is the intention
here, but they only restricted vendor_file.
Bug: 281877578
Test: build (neverallow only change)
Change-Id: Ic5459dcd420ee24bad8310a587a0b9b1cc5b966a
Add drmserver(32|64) for supporting 64-bit only devices. The patch is
for setting up the sepolicy for drmserver(32|64).
Bug: 282603373
Test: make gsi_arm64-user; Check the sepolicy
Change-Id: If8451de8120372b085de1977ea8fd1b28e5b9ab0
Merged-In: If8451de8120372b085de1977ea8fd1b28e5b9ab0
This reverts commit 489abecf67.
Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules
Change-Id: I19d1da02baf8cc4b5182a3410111a0e78831d7f8
Merged-In: I0c2bfe55987949ad52f62e468c84df954f39a4ad
An app may wish to pass an open FD for the SDK sandbox
to consume, and vice versa. Neither party will be
permitted to write to the other's open FD.
Test: Manual
Bug: 281843854
Change-Id: I73f79b6566ed3e3d8491db6bed011047d5a650ce
When ART Service is enabled, the runtime uses a different strategy to
write profiles: it first creates a temp profile file, and then moves it
to the final location, instead of mutating the file in place. This new
strategy requires the permission to create files. While apps have this
permission, unfortunately, system_server didn't. This CL fixes this
problem.
Bug: 282019264
Test: -
1. Enable boot image profiling
(https://source.android.com/docs/core/runtime/boot-image-profiles#configuring-devices)
2. Snapshot the boot image profile
(adb shell pm snapshot-profile android)
3. Dump the boot image profile
(adb shell profman --dump-only --profile-file=/data/misc/profman/android.prof)
4. See profile data for services.jar
Change-Id: Ie24a51f2d40d752164ce14725f122c73432d50c9
Merged-In: Ie24a51f2d40d752164ce14725f122c73432d50c9
Apply sdk_sandbox_next it if a new input selector,
isSdkSandboxNext, is true. This is set to true by libselinux
if a flag is set in the seInfo passed to it.
This enables some testers to test out the set of restrictions
we're planning for the next SDK version.
sdk_sandbox_next is not the final set of restrictions of the next SDK
version.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: Idbc3ab39a2d9ef6e1feaf8c212d81a1c79b0f787
Rename sdk_sandbox to sdk_sandbox_34.
Additionally, Extract out parts of sdk_sandbox_34 to
sdk_sandbox_all.te that will be shared with all sdk_sandbox domains.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: I4a2112d4097c84c87d23a28a7fc0ac5f208dc5dc
Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac
Context: go/videoview-local-sandbox. This change is required to
play local files in a VideoView in the SDK sandbox.
Test: Manual steps described in doc
Bug: 266592086
Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.
Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
SDK's data should not be accessible directly by other domains, including
system server. Added neverallow to ensure that.
Bug: b/279885689
Test: make and boot device
Change-Id: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2
snapuserd logs are important when OTA failures happen. To make debugging
easier, allow snapuserd to persist logs in /data/misc/snapuserd_logs ,
and capture these logs in bugreport.
Bug: 280127810
Change-Id: I49e30fd97ea143e7b9c799b0c746150217d5cbe0
This change allows vendor init scripts to react to the MTE bootloader
override device_config. It extends the domain for runtime_native and
runtime_native_boot configs from "all apps", which is already very
permissive, to "everything".
Bug: 239832365
Test: none
Merged-In: I66aa1492f929f43f937b4ab0780f7753c1f4b92e
Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e
