They are under RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES
Bug: 331708504
Test: check if the display shows
Change-Id: I06859493c995e384e1f30554a6a12b9cd3636f30
Updates to allow profiling module to run new trace_redactor binary.
Allow the trace_redactor binary to read the input trace file and write
the output file.
Bug: 327423523
Test: build/flash and
atest CtsProfilingModuleTests#testRequestSystemTraceSuccess
Change-Id: Id6684d8a9891e9ed42fe115066e41a89a7e8a097
This is for more information on binder threads during ANRs.
Test: adb shell am hang
Bug: 316970771
Change-Id: I905c8b605540aabb7463cb0e1b3a9a8b07f8d5cb
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
Vendor_init needs to read this property to process event triggers
depending on ro.product.build.16k_page.enabled .
Test: th
Bug: 319335586
Change-Id: I4f52073fbd2a138d84162710c925f65cc705c356
- Add pm.dexopt.* properties.
- Add rules for running artd in chroot.
Bug: 311377497
Test: manual - Run Pre-reboot Dexopt and see no denial.
Change-Id: If5ff9b23e99be033f19ab257c90e0f52bf250ccf
This allows RecoverySystem to destroy all secretkeeper secrets before
rebooting into recovery, thus ensuring that secrets are unrecoverable
even if data wipe in recovery is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
est: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: Ia0c9e4ecf839590ecbb478836efcd00bbeea5f47
Read access to this file is needed by any process that reads flags.
For now, exclude access to vendors.
Bug: 328444881
Test: m
Change-Id: I1899d2a0c61a6286fc285a532244730ad1e4a0fc
This allows RecoverySystem to destroy all synthetic blob protector keys
and make FBE-encrypted data unrecoverable even if data wipe in recovery
is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: I5be2f9e8314d36448994f4f14ff585ded7095c8c
While testing aconfig storage file read by a demo app. We discovered
the need to do metadata_file:dir search in logcat log.
Bug: b/312459182
Test: demo app start
Change-Id: I0872ff192280228cc2270ae4a04755bc5cfbd9cc
Just allow aconfig_storage_metadata_file:file read permission is not
enough to read the pb file, we also need
aconfig_storage_metadata_file:dir search permission.
Bug: b/312459182
Test: audit2allow after having demo app access the file
Change-Id: I1790ea84a56e83f43313af82378f245e2bb6597e
For aconfigd test, for atest to work, the shell domain needs to be able
to connect to aconfigd_socket. In addition, aconfigd needs to be able to
access the test storage files as shell_data_file. All these policies are
only needed for userdebug_or_eng build.
Bug: 312459182
Test: m, launch avd, atest, then audit2allow, no avc denials found
Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c
LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.
Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.
Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.
Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
This will allow odrefresh to move files from staging dir to output dir
instead of copying.
Test: -
1. Patch https://r.android.com/2991838
2. atest odsign_e2e_tests_full
Change-Id: I8fec4db3ff720f84a58e41439089ea55e53301b4
Found when making the tests for permissive MTE, which are part of the
CTS test suite because I really, really don't want to fork hundreds of
lines of Java glue. But, CTS tests aren't supposed to only run on rooted
devices (even though there's examples of this in the tree already).
I think either way, ideologically, we should allow non-root users to
enable permissive MTE. This would be useful for a person who wants to
dogfood MTE with all apps on, but use a retail build. I can think of at
least a few researchers that would probably find this useful.
Bug: 328793166
Test: adb unroot && adb shell setprop persist.sys.mte.permissive 1
Change-Id: Ie905e23c9600986cb436e1cc7490e28678710696
we have CAP_CHOWN but we can't use it
to custom configure directory uid/gid.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I41bdab8d5b7b4cfc5cdc568909c9c6b9947e2bca
The report_off_body permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2.
That API is being removed because it is unused
(https://r.android.com/2974277). Therefore, stop granting the
report_off_body permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
However, document the access vectors that are known to be unused.
Bug: 289849354
Test: atest CtsKeystoreTestCases
Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
(so we can check if we need to change it)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I229a772ec6ecebcd8826730af568980f578842ee
Unfortunately 202404 sepolicy changed a little after vendor API freeze.
Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
There's no way to currently define a new domain with map_read/write
access.
That's clearly desirable for example for vendor use of xt_bpf programs.
I believe that also holds true for prog_load which is checked
at attachment, and will be needed in the future to support things
like vendor tracepoint attachment.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6125f3de2f8a8dde0891ddabedfafe35f521e681
Add policy to control ro.lmk.use_psi property for lmkd.
Test: m
Bug: 328681151
Change-Id: Ie30d1c62a7f0594961667b3e2d2064be89e91506
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Should be the same as for update_engine
Test: Boot the VM, make sure the service works.
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Bug: 328227527
Change-Id: I8521716dcf43e5e7c41c4ecd36be128bacbe07b4
This change adds rules for system properties "sys.snapshotctl.map" and
"sys.snapshotctl.unmap", for controlling snapshotctl.
This change also adds the missing rules for snapshotctl to perform its
job. Initially, the rules for snapshotctl were added by
http://r.android.com/1126904, for running snapshotctl through init
(http://r.android.com/1123645). However, the trigger was then removed by
http://r.android.com/1239286. Since then, snapshotctl can be only run by
the root shell, in which case it is run in the "su" domain, so the rules
are not tested and therefore get stale over time. To make snapshotctl
function properly when run by init, we need to add the missing rules.
Bug: 311377497
Test: adb shell setprop sys.snapshotctl.map requested
Test: adb shell setprop sys.snapshotctl.unmap requested
Change-Id: I304be6e1825a6768f757d74b3365c4d759b9d07e
Bug: 327954176
Test: m treble_sepolicy_tests_202404
Test: m 202404_compat_test
Test: m selinux_policy
Change-Id: I6bdcbff305c0cc998bdd809006feb02e0609784d
/data/misc/connectivityblobdb/
The Settings app is expected to read and
write to the wifi database file.
Bug: 304553176
Test: Manual test
1. Add a call in the Settings app
to WifiKeystore#put().
2. Open the Settings app.
3. Verify that the call succeeds.
Change-Id: I0d48dd155f93c3cd25b5c422fe0174bcdbe0a727
This defines the kcmdline_prop context for properties controlled by
kcmdlinectrl, and defines a property called kcmdline.binder for
switching between the Rust and C implementations of the Binder driver.
It is intended that additional kcmdline properties introduced in the
future would share the same kcmdline_prop context.
Test: Verified that setprop/getprop work and that the value is loaded properly at boot
Bug: 326222756
Change-Id: Iea362df98d729ee110b6058c6e5fa6b6ace03d8e
Create a new folder for connectivity blobs, to be used by
ConnectivityBlobStore for VPN and WIFI to replace legacy
keystore.
System server will need permissions to manage databases in the
folder and system server will create the folder in init.rc.
Bug: 307903113
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Test: build and manual test.
Change-Id: Ib51632af9624d8c3ebf2f752547e162a3fbbb1b0
policy
system, system_ext, product and vendor partitions have aconfig storage
files under /<partition>/etc/aconfig dir. need to grant access to
aconfigd.
Bug: b/312459182
Test: m and tested with AVD
Change-Id: I9750c24ffa26994e4f5deadd9d772e31211a446a
