Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Signed-off-by: Wilson Sung <wilsonsung@google.com>
The original change was not a correct solution and was only intended to
silence an error. After the correct fix (aosp/2559927), we can remove
the rule (which is only allow the operation to happen and fail anyway).
Test: m
Bug: None
Change-Id: Ia41fac38e89653578adab3b10def7b1b0d0a3e61
This reverts commit af6035c64f.
Reason for revert: aosp/2559927 is the right fix
Bug: 279597861
Bug: 258093107
Test: see b/258093107#30
Change-Id: I8dbea3ba5541072f2ce8969bf32cf214fabb1965
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.
In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.
No fuzzer, because this is a test service only, so it's
low-value.
Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.
Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.
Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
For unknown reason, denial still happens with system app after applying
ag/20712480. This commit adds a work around to fix this.
Bug: 258093107
Fixes: 272530397
Test: flash build, pair watch with phone, check SE denials log
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ade3b2183d850fd508569782e35a59ef2bd4dce)
Merged-In: I16932c793c5ca144746d0903ed1826c1847d2add
Change-Id: I16932c793c5ca144746d0903ed1826c1847d2add
Enable remote_provisioning diagnostic reporting from dumpsys and adb
shell by allowing the service, which is hosted in system_server, to call
KeyMint's IRPC HAL implementation.
Test: adb shell dumpsys remote_provisioning
Test: adb shell cmd remote_provisioning
Bug: 265747549
Change-Id: Ica9eadd6019b577990ec3493a2b08e25f851f465
Adds persist.sysui.notification.builder_extras_override property
associated permissions, which will be used to flag guard
a change in core/...Notification.java.
Original change I3f7e2220798d22c90f4326570732a52b0deeb54d didn't
cover zygote, which are needed for preloaded classes
Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: Ifad9e7c010554aa6a1e1822d5885016058c801c9
Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED.
This is exposed as ro.product.cpu.pagesize.max to VTS tests.
Add the required sepolicy labels for the new property.
Bug: 277360995
Test: atest -c vendor_elf_alignment_test -s <serial>
Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
This new system property will be read and written
by a new developer option switch, through gpuservice.
Based on the value stored in persis.graphics.egl,
we will load different GLES driver.
e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver
Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
I just found it's reported in some bugreports when logging errors from
linkerconfig.
avc: denied { ioctl } for pid=314 comm="linkerconfig"
path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401
scontext=u:r:linkerconfig:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=1
Bug: 276386338
Test: m && boot
Change-Id: I57c9cc655e610dc81a95bc8578a6649c52798c93
Property for multi usb mode is used by UsbAlsaManager to decide if only
one or multiple USB devices can be connected to audio system at a
certain time.
Bug: 262415494
Test: TH
Change-Id: I9481883fa8977329d35b139713aad15e995306b1
This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.
Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
This appears to be an oversight in T sepolicy???
Based on observed logs (on a slightly hacked up setup):
04-04 20:38:38.205 1548 1935 I Nat464Xlat: Stopping clatd on wlan0
04-04 20:38:38.205 1548 1935 I ClatCoordinator: Stopping clatd pid=7300 on wlan0
04-04 20:38:43.408 1548 1548 W ConnectivitySer: type=1400 audit(0.0:8): avc: denied { sigkill } for scontext=u:r:system_server:s0 tcontext=u:r:clatd:s0 tclass=process permissive=0
04-04 20:38:43.412 1548 1935 E jniClatCoordinator: Failed to SIGTERM clatd pid=7300, try SIGKILL
04-04 20:39:27.817 7300 7300 I clatd : Shutting down clat on wlan0
04-04 20:39:27.819 7300 7300 I clatd : Clatd on wlan0 already received SIGTERM
04-04 20:39:27.830 2218 2894 D IpClient/wlan0: clatInterfaceRemoved: v4-wlan0
04-04 20:39:27.857 1548 1935 D jniClatCoordinator: clatd process 7300 terminated status=0
I think this means SIGTERM failed to work in time, and we tried SIGKILL and that was denied, and then the SIGTERM succeeded?
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia55ebd812cb9e7062e3cb10d6cb6851638926868
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.
Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.
Bug: 274530433
Test: Locally added some code to set those properties and saw it being
successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
Introduce hypervisor-generic type for VM managers:
vm_manager_device_type.
Bug: 274758531
Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c
Suggested-by: Steven Moreland <smoreland@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Adds persist.sysui.notification.builder_extras_override property
and associated permissions, which will be used to flag guard
a change in core/...Notification.java.
Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because Notification.java
is a core library), but setting should only be possible
internally (and via debug shell).
Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
We are changing the --save-for-bugreport feature and moving
the file opening/write from the traced service to the perfetto
cmdline client.
This is as part of a bigger refactor to simplify the API surface
in view of non-destructive snapshots of trace buffers.
Add matching sepolicies to perfetto.te
Bug: 260112703
Test: atest perfetto_integrationtests --test-filter '*PerfettoCmdlineTest*'
Change-Id: Ic1dd6b1bf3183f6b7fb551859e35cae950676ffb
This is so that we can potentially verify that things
are setup right.
Test: TreeHugger
Bug: 275209284
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44
In commit 7ba4801, the execute permission for all isolated_app was
removed. Grant access to isolated_compute_app which requires it.
The new treble test TestIsolatedAttributeConsistency is updated to
capture the new permission. See b/275263760.
Bug: 265960698
Bug: 275024392
Bug: 275263760
Test: atest CtsVoiceInteractionTestCases:android.voiceinteraction.cts.VoiceInteractionServiceTest
Change-Id: Ide27a7e351e8f53b0f5b1ad918a508d04ef515a1
We want to allow both the VM and ART to contribute to the VM config
(e.g. memory size), so define labels for 2 sets of properties and
grant the necessary access.
Bug: 274102209
Test: builds
Change-Id: Iaca1e0704301c9155f44e1859fc5a36198917568
Bug: 265960698
Test: flash, boot and use Chrome; no denials related to isolated_app
Test: crash Chrome using chrome://crash; no new denials from
isolated_app
Test: atest CtsWebkitTestCases
Change-Id: I0b9e433eb973a5e99741fc88be5e13e9704c9c9e
These have been replaced with a dontaudit rule in netd.te in
commit e49acfa.
Bug: 77870037
Test: TH
Change-Id: I1fc9996141419ec3a6194f97c4c42062cbeb4754
Controls default enable or disable for binaural and transaural.
Test: see bug
Bug: 270980127
Merged-In: I190644e88a520cf13ee2b56066d5afd258460b9e
Change-Id: I190644e88a520cf13ee2b56066d5afd258460b9e
aosp/1696825 added the ability for dumpstate to signal Keystore on
debuggable builds, but this means that there will be an audit denial
message on non-debuggable builds. Suppress this, in particular so that
the test mentioned below can pass on -user builds.
Bug: 269672964
Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenial
Change-Id: I68a41f6b94d615f80e4d1490ec4159436693dce2
Bug: 218588089
Bug: 273324345
Test: 1. m -j selinux_policy
2. Build cf_x86_64_auto lunch target.
3. Launch cvd in the accelerated graphics mode.
4. Run evs_app and confirm the color bar pattern is shown on the
display.
> adb root && adb shell evs_app --test
6. Do the same on sdk_car_x86_64 lunch target.
Change-Id: I1f570e7d43981ce2f5a7ae0d78ee3d5bfa8c7576
This was accidentally copied and pasted from the app domain. The intent
was for system_server to be able to read the prop.
Test: manually
Bug: 269246893
Change-Id: I78d5fa62a2e112d3bf363b8d96348a645ef4caaa
VirtualizationManager (and indirectly crosvm) now runs as a child
process of the client, which could be a process forked from zygote.
As a result, these get tracked as phantom processes of the client and
system_server will try to kill them if it chooses to kill the client.
Currently this does not work because system_server is not allowed
sigkill for the corresponding domains. In theory, that should not be
a problem because virtualizationmanager will automatically kill any
crosvm instances and terminate itself if its parent dies, but we should
not rely on that fact and instead give system_server the ultimate
control over app process termination.
Bug: 269461627
Test: atest MicrodroidTestApp
Change-Id: Ie0ba5388d00a51812c9424c37f2f74983bea9db8
This way, we can change things like the RKP hostname or enablement
from the shell for tests.
Bug: 265196434
Test: manual (adb shell setprop ...)
Change-Id: Ib853eaf29b395705eba57d241df064152220457e
